clip-aware-embeddings
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires standard machine learning packages (transformers, torch, pillow, sentence-transformers) from PyPI, which are considered trusted sources.
- COMMAND_EXECUTION (LOW): The skill utilizes the Bash tool to run Python utility scripts for validation and diagnostics. This is a standard capability for this skill type.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (specifically shell injection) due to how it handles user-provided data.
- Ingestion points: User-supplied queries passed as arguments to
scripts/validate_clip_usage.pyandscripts/diagnose_clip_issue.py. - Boundary markers: None identified in the documentation to separate user data from command syntax.
- Capability inventory: Full Bash access, plus Read, Write, and Edit file permissions.
- Sanitization: No instructions or internal script logic are present to sanitize shell metacharacters in the input query before execution.
Audit Metadata