vllm-plugin-fl-setup-flagos

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches source code from the flagos-ai GitHub repositories (vllm-plugin-FL, FlagGems, and FlagCX). It also utilizes a custom package registry at resource.flagos.net to download hardware-specific dependencies such as FlagTree for Ascend NPU backends.
  • [REMOTE_CODE_EXECUTION]: The skill installs and executes code from the downloaded repositories using 'pip install' with the '--no-build-isolation' flag and by running 'make' for local compilation of the FlagCX communication library.
  • [COMMAND_EXECUTION]: The skill executes various system commands including hardware diagnostic tools (nvidia-smi, npu-smi, mthreads-gmi, ixsmi) to identify backends and uses 'find' to locate local model directories on the filesystem.
  • [PROMPT_INJECTION]: The skill incorporates user-provided model names into a shell search command ('find / -maxdepth 5 -type d -name "<user_provided_model_name>"'). This represents an indirect prompt injection surface, as the input is not sanitized before being interpolated into a subprocess call.
  • [INGESTION_POINTS]: User input for model name during the Quick Test procedure in SKILL.md.
  • [BOUNDARY_MARKERS]: None.
  • [CAPABILITY_INVENTORY]: Subprocess execution for hardware detection, repository cloning, package installation, and filesystem searching.
  • [SANITIZATION]: None observed for the user-provided model name used in the shell command.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 05:55 AM