pytorch-model-trainer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill defines a high-risk capability surface. It is designed to process external machine learning code, patterns, and configurations while possessing the ability to execute arbitrary python and pip commands.
- Ingestion points: The skill ingests untrusted data whenever a user provides ML code snippets, training patterns, or data preparation requests.
- Boundary markers: None are specified in the skill definition to separate instruction from untrusted data.
- Capability inventory: Access to Bash(python:*), Bash(pip:*), Write, and Edit allows for full system compromise or data exfiltration if the agent is manipulated by embedded instructions in ML code.
- Sanitization: No sanitization or validation logic is defined for the external content being processed.
- [Command Execution] (HIGH): The skill explicitly requests permission to use Bash(python:*) and Bash(pip:*). This allows the agent to install arbitrary packages and execute arbitrary Python code, which can be leveraged for malicious persistence or lateral movement if the agent's reasoning is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata