byted-ark-trainer

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for setting workspace file permissions (chmod 755 and chmod 644) to ensure the FaaS environment can traverse directories and read scripts. It also uses the ark CLI and ark-trainer-helper to submit training jobs and manage endpoints.- [DYNAMIC_EXECUTION]: The scripts/modules/train.py module uses importlib and __import__ to dynamically load and execute user-supplied Python scripts (rollout.py and grader.py). This is a documented requirement for running custom reinforcement learning (RL) evaluation logic.- [EXTERNAL_DOWNLOADS]: The skill documentation guides the user to install the ark_sdk and volcengine-python-sdk from official Volcengine-owned domains (volces.com and volcengineapi.com). These are recognized vendor resources.- [DATA_EXPOSURE]: The skill manages sensitive credentials (ARK_API_KEY, VOLCENGINE_ACCESS_KEY, VOLCENGINE_SECRET_KEY) by reading them from environment variables and .env files. This follows standard security practices for local development tools.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 07:25 AM
Security Audit — agent-trust-hub — byted-ark-trainer