hugging-face-trackio
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'trackio' library from standard package registries. This tool is part of the established machine learning infrastructure provided by the Gradio/Hugging Face ecosystem.
- [COMMAND_EXECUTION]: The skill utilizes a CLI for discovering projects and inspecting metrics. It also suggests a workflow where an autonomous agent modifies training scripts and launches training processes based on experiment diagnostics.
- [DATA_EXFILTRATION]: The alerts functionality includes support for sending notifications to external webhooks, such as Slack or Discord. While a standard feature for remote training monitoring, this establishes a network communication path for experiment data.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface within the autonomous iteration workflow.
  - Ingestion points: The agent retrieves diagnostic alerts and metrics from a database via 'trackio list alerts --json'.
  - Boundary markers: Although the data is structured as JSON, the skill gives the agent no instructions for distinguishing valid diagnostic data from potentially malicious instructions embedded in alert fields.
  - Capability inventory: The agent is tasked with modifying training scripts and executing shell commands (e.g., 'python train.py') based on the ingested data.
  - Sanitization: There is no evidence of validation or escaping of alert content before it is used to inform script modifications or command-line arguments.
Audit Metadata