mlflow-tracking-setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes untrusted user input and ML project data to automate setup tasks. Because it has access to Bash(python:*) and Bash(pip:*), it is vulnerable to malicious instructions embedded in ML configurations that could trigger unauthorized actions.
  - Ingestion points: User requests and potential ML project files mentioned in the description and triggers.
  - Boundary markers: None identified in the instruction set to separate system instructions from untrusted data.
  - Capability inventory: Bash(python:*), Bash(pip:*), Write, Edit (File: SKILL.md).
  - Sanitization: No sanitization or validation of the input data is defined before it is used in command contexts.
- Command Execution (HIGH): The tool configuration Bash(python:*) provides the ability to execute any Python script. In the absence of strict input validation, this allows for arbitrary code execution on the host environment (File: SKILL.md).
- External Downloads (MEDIUM): The Bash(pip:*) tool allows for the installation of arbitrary Python packages. Without a pre-defined whitelist or pinned versions, this capability can be abused to install malicious packages from external registries (File: SKILL.md).
Recommendations
- AI detected serious security threats
Audit Metadata