funsloth-hfjobs
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The scripts/train_sft.py file includes a PEP 723 dependency on unsloth hosted at git+https://github.com/unslothai/unsloth.git. While essential for the skill's primary purpose, the unslothai organization is not in the trusted sources list, which could allow for the execution of unverified code if the repository were compromised.
- COMMAND_EXECUTION (MEDIUM): The references/TROUBLESHOOTING.md file suggests executing sudo apt install nvidia-driver-535. Recommending high-privilege sudo commands for environment configuration poses a risk of privilege escalation if not handled carefully by the user.
- INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted external data during the training phase.
  - Ingestion points: DATASET_NAME (e.g., mlabonne/FineTome-100k) in scripts/train_sft.py.
  - Boundary markers: Absent; the training script uses standard SFTTrainer logic without explicit delimiters to prevent the model from learning malicious instructions embedded in the dataset.
  - Capability inventory: File system write access to outputs/, sub-process execution via huggingface-cli, and optional network uploads to Hugging Face and WandB.
  - Sanitization: None; the data is mapped directly into the training prompt via tokenizer.apply_chat_template.
- CREDENTIALS_UNSAFE (LOW): SKILL.md suggests using export WANDB_API_KEY="your-key". While this is a placeholder and not a hardcoded secret, users should be reminded to use environment management tools or secret stores rather than plain-text command history.
Audit Metadata