unsloth-sft
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file path access, or outbound network operations were detected.
- [Obfuscation] (SAFE): All scripts and documentation are in plain text with no encoded or hidden content.
- [Unverifiable Dependencies & RCE] (SAFE): Dependencies (unsloth, trl, datasets) are standard libraries in the machine learning ecosystem. No remote code execution patterns or dynamic script loading were found.
- [Indirect Prompt Injection] (LOW): The skill is designed to process external datasets (ShareGPT, Alpaca). While it lacks explicit sanitization for malicious instructions embedded in training data, the provided scripts only perform data structure mapping without any side-effect capabilities like execution, network access, or file writing.
- [Privilege Escalation & Persistence] (SAFE): No commands for acquiring higher permissions or maintaining access across sessions (e.g., shell profile modifications) were identified.