ml-experimentation
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates machine learning tasks by guiding the agent to generate and execute Python scripts via `uv run` or `pixi run`. These operations are central to the skill's purpose but involve the execution of shell commands and locally generated code.
- [EXTERNAL_DOWNLOADS]: The skill references and fetches machine learning framework dependencies, such as PyTorch wheels, from the official and well-known `download.pytorch.org` repository.
- [PROMPT_INJECTION]: The skill ingests data from user-provided journal files and script-generated logs to create summaries and visualizations, creating a surface for indirect prompt injection.
  - Ingestion points: Reads `JOURNAL.md`, `IGNORED_RUNS.md`, and log files in the `runs/` directory.
  - Boundary markers: None identified.
  - Capability inventory: Shell command execution (`uv run`), file creation, and data visualization.
  - Sanitization: Uses regex and JSON parsing to extract metrics from logs, while journal content is included in final report sections.
Audit Metadata