pytorch
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill demonstrates a training loop pattern that ingests data from a dataloader and performs file writes. This combination allows for indirect instructions embedded in training data to influence the agent's file system operations. Evidence: 1. Ingestion point: 'dataloader' in training loop (SKILL.md). 2. Boundary markers: Absent in provided snippets. 3. Capability inventory: File write via 'torch.save'. 4. Sanitization: None demonstrated.
- Dynamic Execution (MEDIUM): The use of 'torch.save' in the common patterns section (SKILL.md) relies on Python's pickle module for serialization. While this is standard PyTorch behavior, it creates a risk of arbitrary code execution if the agent were to load a maliciously crafted model file using 'torch.load' in a similar environment.
Recommendations
- AI detected serious security threats
Audit Metadata