llama-factory
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill metadata lists dependencies including 'llmtuner', 'torch', and 'transformers'. While libraries from HuggingFace and Meta are within trusted scopes, 'llmtuner' is a third-party package. These are standard for the tool's purpose but represent external code dependencies.
- NO_CODE (SAFE): The skill consists entirely of Markdown documentation and contains no executable scripts or binaries.
- PROMPT_INJECTION (SAFE): No instructions were detected that attempt to override agent safety protocols, exfiltrate system prompts, or bypass constraints.
- DATA_EXFILTRATION (SAFE): No patterns for accessing sensitive file paths or hardcoding credentials were identified.
- INDIRECT_PROMPT_INJECTION (INFO): The skill's ingestion points are limited to its own static reference files. It lacks the capability to execute subprocesses or perform file-write operations, minimizing the risk of multi-step chains.
Audit Metadata