ml-pipeline
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The FeaturePipeline class in references/feature-engineering.md uses pickle.load() to restore pipeline objects from files. This is a known security vulnerability, as pickle can be exploited to execute arbitrary code during deserialization.
- [REMOTE_CODE_EXECUTION]: In references/training-pipelines.md, the Trainer.load_checkpoint method calls torch.load() to restore model state. By default, torch.load uses the unsafe pickle module, which presents a risk of arbitrary code execution if a user loads a malicious checkpoint file.
- [COMMAND_EXECUTION]: The skill provides a shell script template (launch_distributed.sh) in references/training-pipelines.md that executes torchrun. This pattern facilitates direct shell command execution for orchestrating distributed training processes.
Audit Metadata