ml-serving-optimization
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM (REMOTE_CODE_EXECUTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The InferenceCache class in SKILL.md uses the pickle.loads() function to deserialize data fetched from a Redis instance. This is a known security vulnerability because the pickle module can execute arbitrary code during deserialization. If an attacker gains access to the Redis instance, or if it stores untrusted data, this implementation could lead to remote code execution on the serving infrastructure.
  - Evidence: In SKILL.md, the InferenceCache.get method contains the line return pickle.loads(cached), which processes data directly from self.redis.get(key).
  - Remediation: Use a safer serialization format such as json or msgpack, or ensure that data retrieved from the cache is strictly validated before use.
Audit Metadata