mlx-fine-tuning

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by design, as it is intended to process external datasets for model fine-tuning.
  • Ingestion points: The skill ingests training data from train.jsonl and valid.jsonl as described in SKILL.md.
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded prompts within the JSONL data are specified.
  • Capability inventory: The skill utilizes the mlx_lm package to execute fine-tuning logic, which involves intensive processing of the provided data.
  • Sanitization: No sanitization or validation logic for the content of the training messages is provided in the skill scripts.
  • [EXTERNAL_DOWNLOADS]: The environment validation script contains a reference to the official installer for the 'uv' package manager.
  • Evidence: The script scripts/validate_environment.py suggests installing uv using curl -LsSf https://astral.sh/uv/install.sh | sh if it is not found on the system. This targets the official domain of a well-known developer tool.
  • [COMMAND_EXECUTION]: The scripts/validate_environment.py script executes several system commands to verify the environment.
  • Evidence: It uses subprocess.run to call sysctl for hardware information and uv --version to check for the package manager. These are standard environment discovery operations.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 9, 2026, 10:11 PM