tao-train-image-classification
Warn
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The metadata in SKILL.md lists the author as "NVIDIA Corporation", which contradicts the authoritative author context ("promptingcompany"). This misleading metadata can influence the agent's trust model and mislead users regarding the skill's provenance.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing external, potentially untrusted data files.
- Ingestion points: Dataset images and class definition files (classes.txt) referenced in SKILL.md and references/skill_info.yaml.
- Boundary markers: Absent. No delimiters or warnings are defined to prevent the agent from obeying instructions embedded in these external files.
- Capability inventory: The skill has Bash tool access and executes high-privilege Docker commands (references/tao-deploy-image-classification.md).
- Sanitization: Absent. There is no evidence of content validation or filtering for ingested dataset components.
- [COMMAND_EXECUTION]: The skill documentation provides instructions for executing shell commands and running Docker containers from the NVIDIA Container Registry (nvcr.io).
Audit Metadata