funsloth-train
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill instructs the agent to generate and execute local Python scripts (e.g., scripts/train_sft.py). This is a legitimate feature but involves running dynamically generated code.
- [EXTERNAL_DOWNLOADS] (LOW): The generated notebooks include installation instructions for the Unsloth library. While Unsloth is a widely used tool for model optimization, the skill inherently encourages the installation of external software.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill uses user-supplied variables like model_name and dataset_name to populate the generated training code. This creates a surface where a malicious user could provide a crafted model or dataset name that triggers unwanted behavior when processed by library loaders like FastLanguageModel.from_pretrained() or load_dataset().
- Ingestion points: Variables model_name and dataset_name in the YAML context.
- Boundary markers: Absent; inputs are directly interpolated into templates.
- Capability inventory: File writing (notebook generation), shell command execution (script running), and model/dataset loading.
- Sanitization: None specified for the interpolated user strings.
Audit Metadata