senior-computer-vision
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests user-provided dataset files (JSON, XML, TXT). It lacks explicit boundary markers or sanitization for these inputs, which could be used to influence the agent's behavior if malicious instructions are embedded in annotations or metadata.
  - Ingestion points: `scripts/dataset_pipeline_builder.py` (JSON/XML/TXT parsing), `scripts/vision_model_trainer.py` (YAML/JSON parsing).
  - Boundary markers: Absent.
  - Capability inventory: Local file read/write, symlinking, and command generation for external CLIs (`yolo`, `trtexec`).
  - Sanitization: Standard parsers like `json` and `xml.etree.ElementTree` are used without additional input validation.
- [REMOTE_CODE_EXECUTION]: The `scripts/inference_optimizer.py` script uses `torch.load()` to analyze model checkpoints. This function is vulnerable to arbitrary code execution via malicious pickle data. While necessary for model analysis, it should be used with caution on models from untrusted sources.
- [COMMAND_EXECUTION]: Several scripts perform file system management tasks, including directory creation and file copying/symlinking. These operations are restricted to paths provided by the user and are used for dataset organization.
Audit Metadata