funsloth-upload
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill reads from the local file system (./outputs/lora_adapter) and uploads contents to an external platform (Hugging Face). If the repository identifier is controlled by an attacker or influenced via prompt injection, sensitive model weights or other proprietary data could be exfiltrated to an unauthorized repository.
- [COMMAND_EXECUTION] (HIGH): The skill executes Python code snippets that interact with the huggingface_hub and unsloth libraries and invokes a bundled script (scripts/convert_gguf.py). This provides a runtime execution surface that can be exploited if input parameters are not strictly validated.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection. It ingests untrusted metadata such as dataset names, base model identifiers, and training configurations from external sources (Gather Context step) without sanitization or boundary markers. This ingested content is directly used to generate documentation and configure upload commands, potentially allowing an attacker to hijack the agent's logic through poisoned metadata.
Recommendations
- AI detected serious security threats
Audit Metadata