tao-train-pose-classification

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute model training, evaluation, and export tasks via the pose_classification CLI tool, as defined in the references/skill_info.yaml file. These commands are a core part of the skill's functionality.
  • [CREDENTIALS_UNSAFE]: The action schemas (e.g., schemas/evaluate.schema.json) define an encryption_key property for model security. Although this field defaults to an empty string, it lacks masking directives or sensitivity markers in the schema, which is a best-practice violation for handling potentially sensitive cryptographic data.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data—such as dataset paths and spec overrides—into its execution flow. It also interprets natural language phrases like "turn off AutoML" to change its internal policy, which is a common pattern for AI agent interactions.
  • [EXTERNAL_DOWNLOADS]: The documentation provides examples of using remote storage (e.g., Amazon S3 buckets) for data ingestion. While these are standard practices for machine learning training workflows, they represent an external data dependency that the agent must manage.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:36 PM
Security Audit — agent-trust-hub — tao-train-pose-classification