model-verify-flagos

Warn

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions dynamically construct shell commands for the docker exec tool using user-supplied variables such as <MODEL_ID>, <MODEL_PATH>, and <CONTAINER>. Because these variables are interpolated directly into shell strings without sanitization or escaping, an attacker who controls them could supply crafted inputs (e.g., shell metacharacters such as ;, &, or backticks) to execute unauthorized commands inside the target container environment.
  • [REMOTE_CODE_EXECUTION]: The verification process explicitly includes the --trust-remote-code flag when running inference scripts. This setting allows any custom Python code embedded within the model's repository to execute with the full privileges of the container. This poses a significant risk if the model is sourced from an unverified or malicious repository.
  • [EXTERNAL_DOWNLOADS]: The skill is configured to automatically download model weights and configuration files from ModelScope, which is an established AI model hosting service. While ModelScope is a well-known platform, the combination of automated downloads with high-privilege execution flags like --trust-remote-code necessitates strictly controlled environments.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 15, 2026, 03:32 AM