tao-train-pose-classification
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to execute model training, evaluation, and export tasks via thepose_classificationCLI tool, as defined in thereferences/skill_info.yamlfile. These commands are a core part of the skill's functionality. - [CREDENTIALS_UNSAFE]: The action schemas (e.g.,
schemas/evaluate.schema.json) define anencryption_keyproperty for model security. Although this field defaults to an empty string, it lacks masking directives or sensitivity markers in the schema, which is a best-practice violation for handling potentially sensitive cryptographic data. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data—such as dataset paths and spec overrides—into its execution flow. It also interprets natural language phrases like "turn off AutoML" to change its internal policy, which is a common pattern for AI agent interactions.
- [EXTERNAL_DOWNLOADS]: The documentation provides examples of using remote storage (e.g., Amazon S3 buckets) for data ingestion. While these are standard practices for machine learning training workflows, they represent an external data dependency that the agent must manage.
Audit Metadata