sam3
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill installs dependencies from trusted sources including the facebookresearch GitHub organization and the PyTorch wheel registry, although the torch version (2.7.0) is currently non-standard.
- COMMAND_EXECUTION (MEDIUM): The skill facilitates the execution of setup and training commands, including sensitive cluster/SLURM operations.
- PRIVILEGE_ESCALATION (MEDIUM): The scripts/create_inference_starter.py script dynamically creates Python files and modifies filesystem permissions (chmod 755) to grant them execution privileges.
- INDIRECT_PROMPT_INJECTION (HIGH): The skill processes untrusted media files and text prompts while possessing high-privilege system capabilities.
  1. Ingestion points: Image data is loaded via PIL, and videos are accessed via resource paths in the predictor.
  2. Boundary markers: No specific delimiters are used to isolate untrusted content from the execution logic.
  3. Capability inventory: The skill can write files, change permissions, install packages, and submit jobs to high-performance computing clusters.
  4. Sanitization: No sanitization or validation of media files or prompts is performed before they are processed by the SAM3 logic.
Recommendations
- AI detected serious security threats