turboquant-pytorch

Fail

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone source code from an external repository located at https://github.com/tonbistudio/turboquant-pytorch.
  • [EXTERNAL_DOWNLOADS]: Fetches PyTorch binaries from the official download.pytorch.org domain, which is a well-known service for machine learning dependencies.
  • [REMOTE_CODE_EXECUTION]: Provides instructions to download a remote repository and immediately execute its internal modules using python -m turboquant.test_turboquant and python -m turboquant.validate.
  • [REMOTE_CODE_EXECUTION]: Includes example code that uses pickle.load() to deserialize data from a local file. This is an unsafe practice as loading crafted pickle files can lead to arbitrary code execution.
  • [COMMAND_EXECUTION]: Commands are provided to manipulate the host system's environment, including git clone, pip install for multiple external packages, and python module execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 28, 2026, 03:09 AM