tensorflow-model-trainer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill presents a high vulnerability surface as it is designed to process external ML data and configurations while having access to powerful system tools.
    * Ingestion points: ML datasets, code patterns, and configuration files referenced in the capabilities section.
    * Boundary markers: Absent; there are no instructions to help the agent distinguish between its own logic and data-embedded instructions.
    * Capability inventory: Bash(python:), Bash(pip:), Write, and Edit tools provide full system execution and modification capabilities.
    * Sanitization: Absent; the skill lacks validation mechanisms for the data or code it handles.
  • [Command Execution] (LOW): The skill requests Bash(python:) and Bash(pip:) permissions. While appropriate for the primary purpose of TensorFlow model training, these are high-privilege capabilities that could be exploited to run arbitrary code if the agent is compromised via indirect injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:14 PM