model-deployment

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill includes code templates that call joblib.load() to load machine learning models from disk. joblib.load() is pickle-based deserialization, so loading a model file from an untrusted source can execute arbitrary code in the deploying process; model artifacts should be integrity-checked (digest or signature) before they are loaded.
  • [COMMAND_EXECUTION]: Provides instructions and shell scripts for container builds, Kubernetes orchestration, and dependency management using docker, kubectl, and pip.
  • [EXTERNAL_DOWNLOADS]: Fetches base images (e.g., python:3.11-slim, redis:alpine) and third-party libraries from public registries during the build and deployment workflow.
  • [INDIRECT_PROMPT_INJECTION]: API endpoints ingest numerical features from external requests. The skill mitigates this attack surface by implementing Pydantic models with strict validation logic.
  • [CREDENTIALS_UNSAFE]: Includes a default credential (admin) in a Grafana configuration template intended for local development environments. The value must be overridden before the template is reused for any non-local deployment.
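The DYNAMIC_EXECUTION finding above is easiest to see with a concrete deserialization round-trip. The block below is an added example, not code from the audited skill; it uses the standard-library pickle module directly, because joblib.load() is a thin wrapper over the same unpickling machinery and joblib itself may not be installed where this runs. The "malicious" artifact is a constructed, benign stand-in (its __reduce__ hook only appends to a list), the allowlist in RestrictedUnpickler and the digest check in verified_load are hypothetical hardening choices, and a real sklearn model would need numpy and sklearn entries in that allowlist.

```python
import hashlib
import hmac
import io
import pickle

# Records every call made by a pickle payload so the reader can see that
# unpickling alone executes code. Constructed for this example.
EXECUTED = []


def side_effect(tag):
    """Stand-in for attacker code; a real payload would call os.system etc."""
    EXECUTED.append(tag)
    return tag


class Payload:
    # __reduce__ tells pickle "reconstruct me by calling side_effect(...)",
    # which is exactly the primitive a malicious model file abuses.
    def __reduce__(self):
        return (side_effect, ("pickle-ran-attacker-code",))


# Constructed artifacts: one hostile, one that looks like a tiny linear model.
MALICIOUS_BLOB = pickle.dumps(Payload())
BENIGN_MODEL = {"coef": [0.5, -1.25], "intercept": 0.1}
BENIGN_BLOB = pickle.dumps(BENIGN_MODEL)


def unsafe_load(blob):
    """Mirrors joblib.load(): runs whatever the stream encodes, no questions asked."""
    return pickle.loads(blob)


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses to import any global not on a hypothetical allowlist.

    Plain containers and numbers never hit find_class, so a benign dict/list
    model loads; anything that needs a callable (including side_effect) is rejected.
    """
    ALLOWED = {"builtins": {"dict", "list", "tuple", "set", "int", "float"}}

    def find_class(self, module, name):
        if name in self.ALLOWED.get(module, ()):
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def restricted_load(blob):
    return RestrictedUnpickler(io.BytesIO(blob)).load()


def sha256(blob):
    return hashlib.sha256(blob).hexdigest()


def verified_load(blob, expected_sha256):
    """Integrity check first (constant-time compare), restricted unpickling second."""
    if not hmac.compare_digest(sha256(blob), expected_sha256):
        raise ValueError("model digest mismatch; refusing to deserialize")
    return restricted_load(blob)


def try_load(loader, blob):
    """Return (True, obj) on success or (False, reason) on rejection."""
    try:
        return True, loader(blob)
    except (pickle.UnpicklingError, ValueError) as exc:
        return False, str(exc)


if __name__ == "__main__":
    print("unsafe:", try_load(unsafe_load, MALICIOUS_BLOB), "executed:", EXECUTED)
    print("restricted:", try_load(restricted_load, MALICIOUS_BLOB))
    pinned = sha256(BENIGN_BLOB)
    print("verified:", try_load(lambda b: verified_load(b, pinned), BENIGN_BLOB))
    print("wrong digest:", try_load(lambda b: verified_load(b, pinned), MALICIOUS_BLOB))
```

The digest check is the control that actually fits a deployment pipeline: pin the SHA-256 of the model artifact at training time and have the serving container refuse anything else, so a swapped file never reaches the unpickler. The restricted unpickler is a second layer for the case where the digest is managed by the same people who might be compromised.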
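For the INDIRECT_PROMPT_INJECTION finding, the following added example shows the kind of strict validation a feature-ingestion endpoint needs, written with the standard library only so it runs without Pydantic; it is not the skill's own Pydantic model. The feature count (N_FEATURES = 4), the range bound and the request bodies are all constructed assumptions. It also covers edge cases a lax validator misses: JSON NaN and Infinity (which Python's json module accepts by default), booleans (a subclass of int), numeric strings, and unexpected fields riding along in the body.

```python
import json
import math

N_FEATURES = 4          # hypothetical: inputs the deployed model expects
FEATURE_RANGE = (-1e6, 1e6)  # hypothetical sanity bound


class FeatureValidationError(ValueError):
    pass


def validate_features(payload):
    """Return a list of finite floats or raise FeatureValidationError.

    Enforces what a strict schema would: a JSON object with exactly one key,
    "features", holding exactly N_FEATURES real, finite, in-range numbers.
    No coercion from strings or booleans.
    """
    if not isinstance(payload, dict):
        raise FeatureValidationError("body must be a JSON object")
    extra = set(payload) - {"features"}
    if extra:
        raise FeatureValidationError(f"unexpected fields: {sorted(extra)}")
    feats = payload.get("features")
    if not isinstance(feats, list):
        raise FeatureValidationError("features must be an array")
    if len(feats) != N_FEATURES:
        raise FeatureValidationError(f"expected {N_FEATURES} features, got {len(feats)}")
    out = []
    for i, v in enumerate(feats):
        # bool is an int subclass; isinstance(True, int) is True, so exclude it first.
        if isinstance(v, bool) or not isinstance(v, (int, float)):
            raise FeatureValidationError(f"feature {i} must be a number, got {type(v).__name__}")
        f = float(v)
        if not math.isfinite(f):
            raise FeatureValidationError(f"feature {i} must be finite")
        if not FEATURE_RANGE[0] <= f <= FEATURE_RANGE[1]:
            raise FeatureValidationError(f"feature {i} outside {FEATURE_RANGE}")
        out.append(f)
    return out


def check_json(raw):
    """Parse a raw request body and validate it; (True, features) or (False, reason)."""
    try:
        payload = json.loads(raw)
        return True, validate_features(payload)
    except (json.JSONDecodeError, FeatureValidationError) as exc:
        return False, str(exc)


# Constructed request bodies exercising the rejection paths.
CONSTRUCTED_REQUESTS = {
    "good":   '{"features": [0.1, 2.5, -3.0, 4]}',
    "nan":    '{"features": [NaN, 2.5, -3.0, 4]}',
    "inf":    '{"features": [Infinity, 2.5, -3.0, 4]}',
    "string": '{"features": ["0.1", 2.5, -3.0, 4]}',
    "bool":   '{"features": [true, 2.5, -3.0, 4]}',
    "short":  '{"features": [0.1, 2.5, -3.0]}',
    "extra":  '{"features": [0.1, 2.5, -3.0, 4], "model_path": "/tmp/x.joblib"}',
    "array":  '[0.1, 2.5, -3.0, 4]',
}


if __name__ == "__main__":
    for name, raw in CONSTRUCTED_REQUESTS.items():
        print(f"{name:7s} -> {check_json(raw)}")
```

The "extra" case is the one that matters for an inference service: rejecting unknown keys outright means a request cannot smuggle a model path, a prompt, or a config override into a handler that only meant to receive numbers.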
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 07:40 AM