diffusers-ascend-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the installation of standard, well-known Python packages such as `diffusers`, `transformers`, `accelerate`, and `peft` from official PyPI registries. Documentation and weight references point to trusted organizations including HuggingFace and GitHub.
- [COMMAND_EXECUTION]: Local execution is facilitated through scripts like `run_pipeline.py` and `benchmark_pipeline.py`. Multi-card distributed inference utilizes `torchrun` and the `hccl` backend, which are standard utilities for the Ascend NPU ecosystem. Input arguments are used for configuration within these local processes.
- [PROMPT_INJECTION]: The skill ingests user-provided text prompts to drive image and video generation pipelines. This constitutes an indirect prompt injection surface as described in Category 8:
  - Ingestion points: The `args.prompt` parameter in `run_pipeline.py`, `benchmark_pipeline.py`, and `run_context_parallel.py`.
  - Boundary markers: No specific delimiters or safety warnings are applied to the user-supplied prompt before it is passed to the diffusion models.
  - Capability inventory: The skill possesses the capability to execute model inference on NPU/CPU and write generated files (PNG, MP4, JSON) to the local filesystem.
  - Sanitization: No explicit sanitization or filtering of the prompt text is performed before processing by the model.
- [DYNAMIC_EXECUTION]: In `run_pipeline.py` and `benchmark_pipeline.py`, the skill dynamically loads pipeline classes from the `diffusers` library using `getattr` based on the `--pipeline-class` argument. This is a common and legitimate design pattern for supporting diverse model architectures within the Diffusers framework.
Audit Metadata