ml-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Dynamic Execution (LOW): The skill uses `joblib.load` to deserialize model files. Evidence: `model = joblib.load("model.pkl")` in SKILL.md. Context: While standard in machine learning workflows, Joblib (based on Pickle) can execute arbitrary code during deserialization. This finding is downgraded from MEDIUM as it is central to the primary purpose of the skill.
- Indirect Prompt Injection (LOW): The skill implements API endpoints that ingest untrusted external data. Ingestion points: `PredictRequest` features in SKILL.md. Boundary markers: Absent. Capability inventory: Use of `ProcessPoolExecutor` for parallel task execution. Sanitization: Basic type validation via Pydantic; no semantic validation or sanitization of input features.
Audit Metadata