finetuning
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE (flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [SAFE]: The skill acts as a template-based generator for SageMaker fine-tuning workflows. It uses pre-defined Markdown and Python templates to structure notebooks and scripts. The instructions strictly forbid the agent from performing high-risk actions such as accepting model EULAs or running the training jobs itself, ensuring the user maintains full control over the execution environment.
- [COMMAND_EXECUTION]: The notebook templates provided by the skill contain shell commands for dependency installation (pip) and SageMaker SDK calls. These are documented as templates for the user to run within their own Jupyter environment. The skill logic includes specific rules to prevent the agent from executing these cells, mitigating the risk of unauthorized command execution.
- [PROMPT_INJECTION]: The skill processes data from conversation context and local specification files (e.g., use_case_spec.md) to generate configuration values like model names and resource identifiers. This architectural pattern represents an indirect prompt injection surface; however, the skill implements validation rules for naming patterns (alphanumeric with hyphens) and mandates user review of all generated outputs, which effectively manages the risk.
- [DATA_EXFILTRATION]: The generated code interacts with AWS S3 buckets and IAM roles to facilitate model training. This behavior is consistent with the skill's primary purpose and uses official AWS SageMaker patterns. No hardcoded credentials or data transfer to unauthorized external domains were identified.