finetuning-setup

Warn

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The workflow instructions in SKILL.md (Steps 2 and 3) require the agent to execute shell commands by interpolating variables (the hub and model names) directly into command strings (e.g., 'python finetuning-setup/scripts/get_model_names.py ' followed by the interpolated value). This pattern is susceptible to command injection if those variables, which are sourced from external API responses or user selections, contain shell metacharacters such as semicolons, pipes, or ampersands.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes data from untrusted sources that influence its execution flow and command construction.
    1. Ingestion points: the contents of use_case_spec.md, the metadata returned by SageMaker ListHubs, and the output of the included Python scripts.
    2. Boundary markers: absent; there are no delimiters or instructions telling the agent to treat external data as untrusted or to ignore embedded instructions.
    3. Capability inventory: the agent can execute shell scripts and perform AWS actions via the aws___call_aws tool.
    4. Sanitization: absent; the skill does not specify any validation, escaping, or filtering of the hub or model names before they are used on the command line.
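Worked example added by the editor; it is not part of the audit report or of the finetuning-setup skill. It reproduces the flagged pattern (a hub name interpolated into a shell string) beside two hardened forms: passing the value as a separate argv element with no shell, and additionally checking it against an allowlist before use. The hub names are constructed, the allowlist regex is an assumption rather than a documented SageMaker constraint, and a `python -c` one-liner that echoes its arguments stands in for `get_model_names.py` so the block runs offline.

```python
import re
import shlex
import subprocess
import sys

# Constructed inputs: what an agent might receive from a ListHubs response.
# The second one carries a harmless payload that reveals shell interpretation.
BENIGN_HUB_NAME = "SageMakerPublicHub"
HOSTILE_HUB_NAME = "SageMakerPublicHub; echo INJECTED"

# Stand-in for finetuning-setup/scripts/get_model_names.py (assumption): it just
# prints the argument list it was invoked with, so we can see how the hub name
# arrived.
ECHO_SCRIPT = "import sys; print(sys.argv[1:])"

# Assumed allowlist for hub/model names: alphanumeric start, then letters,
# digits, dot, underscore or hyphen. Not taken from AWS documentation; tighten
# or loosen it to the real naming rules before relying on it.
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def is_valid_name(name: str) -> bool:
    """True if the name contains only allowlisted characters."""
    return NAME_RE.fullmatch(name) is not None


def validate_name(name: str) -> str:
    """Fail closed: reject anything outside the allowlist instead of escaping it."""
    if not is_valid_name(name):
        raise ValueError(f"rejected untrusted name: {name!r}")
    return name


def naive_command(hub_name: str) -> str:
    """The pattern the audit flags: untrusted value glued into a shell string."""
    return f"{shlex.quote(sys.executable)} -c {shlex.quote(ECHO_SCRIPT)} {hub_name}"


def run_naive(hub_name: str) -> str:
    # shell=True hands the whole string to /bin/sh, so ';' splits commands.
    result = subprocess.run(naive_command(hub_name), shell=True,
                            capture_output=True, text=True)
    return result.stdout


def run_argv_only(hub_name: str) -> str:
    # No shell: the value is one argv element and is never parsed as syntax.
    argv = [sys.executable, "-c", ECHO_SCRIPT, hub_name]
    result = subprocess.run(argv, capture_output=True, text=True)
    return result.stdout


def run_safe(hub_name: str) -> str:
    # Defence in depth: argv passing plus an allowlist, so a hostile value is
    # rejected before any process is spawned (e.g. it cannot become a flag).
    argv = [sys.executable, "-c", ECHO_SCRIPT, validate_name(hub_name)]
    result = subprocess.run(argv, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    print("naive:", run_naive(HOSTILE_HUB_NAME))
    print("argv only:", run_argv_only(HOSTILE_HUB_NAME))
    print("safe:", run_safe(BENIGN_HUB_NAME))
```

With the hostile name, the naive form prints the script's argument list and then a second line, `INJECTED`, produced by the appended `echo`; the argv-only form prints the whole string as a single argument and runs nothing else; the safe form refuses the value outright. For an agent skill the same discipline applies to the SKILL.md instructions themselves: tell the agent to pass hub and model names as separate arguments and to reject names that fail a documented pattern, rather than to compose a command line by string substitution.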
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 24, 2026, 02:51 PM