pytorch

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Dynamic Execution] (MEDIUM): The skill provides instructions for saving and loading model checkpoints using torch.save() and torch.load(). By default, torch.load() uses Python's pickle module for deserialization, which is inherently unsafe and can be exploited to execute arbitrary code if the input file is malicious.
  • [Dynamic Execution] (LOW): The skill utilizes torch.compile() and torch.jit.script() for performance optimization. These features involve runtime compilation and dynamic code generation for framework-level optimizations.
  • [Indirect Prompt Injection] (LOW): The skill processes external datasets via DataLoader while possessing powerful capabilities such as dynamic code execution. This creates a vulnerability surface for indirect prompt injection. Evidence:
    1. Ingestion: train_loader and val_loader (SKILL.md).
    2. Boundaries: Absent.
    3. Capabilities: torch.load, torch.compile.
    4. Sanitization: Absent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:34 PM