tao-train-pointpillars

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected. Ingestion points: SKILL.md (the agent constructs command arguments and configuration overrides from potentially untrusted user-supplied paths). Boundary markers: Absent. Capability inventory: The skill uses the Bash tool to execute pointpillars CLI commands as defined in references/skill_info.yaml. Sanitization: Absent. No explicit path validation or input cleaning is prescribed before interpolation into shell commands.
  • [REMOTE_CODE_EXECUTION]: Potential risk of arbitrary code execution through unsafe deserialization. Evidence: The skill's configuration schemas (e.g., schemas/dataset_convert.schema.json) and spec templates reference the use of .pkl (Pickle) files for storing dataset metadata and information. Deserializing data from untrusted Pickle files is a known vector for code execution.
  • [COMMAND_EXECUTION]: Facilitates the execution of complex machine learning workflow commands. Evidence: The skill defines multiple actions in references/skill_info.yaml (train, evaluate, export, etc.) that map to shell commands executed via the pointpillars CLI within Docker containers.
  • [EXTERNAL_DOWNLOADS]: References external resources for model deployment and runtime environments. Evidence: Documentation in references/tao-deploy-pointpillars.md provides commands to pull Docker images from the NVIDIA Container Registry (nvcr.io).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 11:36 PM
Security Audit — agent-trust-hub — tao-train-pointpillars