vss-deploy-detection-tracking-2d

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: A detailed audit of all 51 files, including 23 scripts and various reference documents, reveals no malicious intent, prompt injection, or data exfiltration patterns.
  • [EXTERNAL_DOWNLOADS]: The skill downloads model weights and test videos from NVIDIA NGC registries (nvcr.io, ngc.nvidia.com). These are established vendor sources and are treated as safe per policy.
  • [COMMAND_EXECUTION]: Shell and Python scripts are used to manage Docker containers and update INI/YAML configurations. These operations are restricted to the deployment environment and are essential for the skill's function.
  • [CREDENTIALS_UNSAFE]: The skill manages NVIDIA NGC credentials. It enforces secure file permissions (0600) and includes sophisticated Python-based regex logic to redact API keys and authorization tokens from deployment logs and reassembled docker run command lines.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 11:36 PM
Security Audit — agent-trust-hub — vss-deploy-detection-tracking-2d