speculative-decoding
Warn
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to clone and install code from external, unverified GitHub repositories: 'https://github.com/FasterDecoding/Medusa' and 'https://github.com/hao-ai-lab/LookaheadDecoding'. Downloading and executing code from third-party sources without integrity checks or version pinning can expose the environment to malicious code if the repositories are compromised.
- [COMMAND_EXECUTION]: The installation guide includes shell commands for cloning repositories and performing editable installs ('pip install -e .'). This process involves executing setup scripts (e.g., 'setup.py' or 'pyproject.toml' logic) from the downloaded source code, which can perform arbitrary actions on the host system.
Audit Metadata