miles-rl-training

Warn

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches framework code from an unverified GitHub repository (radixark/miles) and pulls a Docker image (radixark/miles:latest) from a third-party account that is not on the list of trusted vendors.
  • [COMMAND_EXECUTION]: Executes shell commands to install dependencies via pip install and run training scripts with various configuration flags, operating on code sourced from unverified external repositories.
  • [REMOTE_CODE_EXECUTION]: Provides functionality to load and execute custom Python scripts through parameters like --custom-generate-function-path and --custom-rm-path, which involves dynamic execution of scripts from user-defined local paths.
  • [PROMPT_INJECTION]: The skill ingests untrusted training data via the --prompt-data flag. 1. Ingestion points: prompt-data parameter in SKILL.md; 2. Boundary markers: Absent; 3. Capability inventory: Shell command execution via training scripts and potential file system access; 4. Sanitization: Absent. This surface allows for indirect prompt injection attacks where instructions in the data could manipulate agent behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 28, 2026, 06:07 PM