atc-model-converter
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to its automated code analysis features. It parses untrusted user repositories to discover model parameters and generate adaptation logic.
- Ingestion points: User-provided model weights and local code repositories (Workflows 1 and 4).
- Boundary markers: Absent. The agent is directed to parse and trust user code without delimiters or safety warnings.
- Capability inventory: Shell execution (grep, find), file system writes, and execution of generated Python scripts that import user code.
- Sanitization: No validation or sanitization is performed on user-provided paths or imported module names.
- [COMMAND_EXECUTION]: The toolkit performs dynamic code generation and execution. Workflow 1 (Phase 2) generates Python "probe" scripts that import user-provided modules to extract tensor information at runtime. Workflow 4 (Step 2) generates a complete inference script (e2e_infer_om.py) that imports and executes preprocessing and postprocessing logic directly from the user's repository. Additionally, scripts/export_onnx.py calls torch.load with weights_only=False, which deserializes the checkpoint with pickle and therefore allows arbitrary code execution when loading untrusted model files.
- [EXTERNAL_DOWNLOADS]: The skill references downloads for performance tools from Huawei's official OBS (aisbench.obs.myhuaweicloud.com). This is documented as a fetch from a well-known service provider for the target hardware environment.