nanochat-llm-training

Fail

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the nanochat source code from GitHub and downloads the uv package manager from astral.sh. These are recognized as reputable sources for machine learning tools.
  • [REMOTE_CODE_EXECUTION]: Executes a remote shell script from astral.sh to install the uv tool. This is a common installation method for this utility from a well-known source.
  • [COMMAND_EXECUTION]: Utilizes system-level commands like torchrun and subprocess.run to manage the training lifecycle, which involves significant system interaction.
  • [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection due to the combination of data ingestion (dataset.py) and an explicit Python code execution tool (execution.py) for the model.
    1. Ingestion points: External datasets processed via nanochat/dataset.py and synthetic data scripts.
    2. Boundary markers: No explicit delimiters or safety instructions are defined in the skill documentation to separate data from instructions.
    3. Capability inventory: Includes a dedicated Python code execution module (execution.py) and various subprocess calls for training and inference.
    4. Sanitization: No evidence of input validation or sanitization is present in the provided skill content.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 17, 2026, 09:18 PM