serverless-modal
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate technical guide for the Modal serverless GPU service, offering code patterns for training and inference workloads. All described operations are standard for the platform.
- [EXTERNAL_DOWNLOADS]: The skill references the installation of the 'modal' Python package and common machine learning dependencies (e.g., torch, transformers, vllm) from standard repositories.
- [COMMAND_EXECUTION]: Provides templates for executing training and inference tasks via Modal's CLI and Python API, which is the core functionality of the skill.
- [DATA_EXFILTRATION]: Uses placeholders for API tokens and includes a prominent security warning advising users to manage payment details exclusively through the official Modal website.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface where user-provided task descriptions are interpolated.
- Ingestion points: 'SKILL.md' header (via $ARGUMENTS).
- Boundary markers: Absent.
- Capability inventory: Bash, Write, Edit, and Agent tools.
- Sanitization: No explicit sanitization or input validation is present.
Audit Metadata