llm-serving-auto-benchmark
Pass
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill adheres to security best practices, specifically concerning credential hygiene and safe data deserialization. Utility scripts use yaml.safe_load() to prevent potential code execution vulnerabilities during configuration loading.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the acquisition of official container images from reputable sources including the lmsysorg, vllm, and NVIDIA (nvcr.io) repositories. These actions are standard for setting up the required benchmarking environments.
- [COMMAND_EXECUTION]: The skill provides well-documented templates for running legitimate framework-native serving and benchmarking tools such as vllm serve and sglang.launch_server.
- [DATA_EXFILTRATION]: Clear instructions are provided to ensure sensitive environment variables like HF_TOKEN are handled securely using container-native features, preventing their inclusion in logs or artifacts.
Audit Metadata