Skills
skills/davila7/claude-code-templates/stable-baselines3/Gen Agent Trust Hub

stable-baselines3

Warn

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [Dynamic Execution] (MEDIUM): The skill utilizes Stable Baselines3 loading functions which rely on the unsafe pickle module for deserialization.\n
  • Evidence: Scripts evaluate_agent.py and train_rl_agent.py use PPO.load() and VecNormalize.load(). Loading crafted model files from untrusted sources enables arbitrary code execution.\n- [Indirect Prompt Injection] (LOW): The skill processes external data from Gymnasium environments, creating a vulnerability surface for indirect prompt injection.\n
  • Ingestion points: observation and info dictionaries in scripts/custom_env_template.py and scripts/evaluate_agent.py.\n
  • Boundary markers: Absent. No specific delimiting of observation data in prompts is mentioned.\n
  • Capability inventory: model.save() (file write), os.makedirs() (filesystem manipulation), and SubprocVecEnv (subprocess spawning) in scripts/train_rl_agent.py.\n
  • Sanitization: Absent. Observations are used directly for model predictions without validation.\n- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill documentation recommends installing external dependencies.\n
  • Evidence: SKILL.md contains uv pip install stable-baselines3. This refers to a standard, well-known package on PyPI, and the risk is considered low per [TRUST-SCOPE-RULE].
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 15, 2026, 09:09 PM