gemma-tuner-multimodal
Warn
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone and install a software package from a third-party GitHub repository (mattmireles/gemma-tuner-multimodal) and install dependencies from unverified requirements files.
- [REMOTE_CODE_EXECUTION]: By guiding the user to install the repository via 'pip install -e .' and run the 'gemma-macos-tuner' CLI, the skill promotes the execution of unverified remote code on the local system.
- [COMMAND_EXECUTION]: The instructions require the user to execute numerous shell commands, including environment variable exports for Hugging Face tokens and Google Cloud Service Account paths.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection through the datasets it processes.
  - Ingestion points: Reads training data from local CSV files, Google Cloud Storage (GCS) buckets, and BigQuery tables.
  - Boundary markers: No specific delimiters or safety instructions are defined to separate training data content from the agent's logic.
  - Capability inventory: The system executes training loops, performs file system operations for model checkpoints, and maintains network connections for dataset streaming.
  - Sanitization: There is no evidence of sanitization or filtering of the input data to prevent the model or agent from potentially obeying instructions embedded within the training samples.
Audit Metadata