moai-ml-llm-fine-tuning
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill implements the
trust_remote_code=Trueparameter within thesetup_qlora_modelfunction forAutoModelForCausalLM.from_pretrained. This configuration allows the AI agent to execute custom code defined in a model's repository on the Hugging Face Hub. If used with an untrusted or compromised model ID, this could lead to arbitrary code execution on the host system. - [EXTERNAL_DOWNLOADS]: The skill utilizes the
transformersanddatasetslibraries to download model weights and training data from the Hugging Face Hub. While the provided examples target reputable organizations (Meta and Databricks), the code is designed to fetch and process assets from any remote repository. - [COMMAND_EXECUTION]: The skill provides instructions for initiating distributed training using the
accelerate launchcommand through theBashtool. This involves executing system-level processes to manage multi-GPU training environments. - [INDIRECT_PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing external datasets through the
load_datasetfunction. - Ingestion points: Data enters the context via
load_datasetin the data preparation section ofSKILL.md. - Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands within the dataset.
- Capability inventory: The skill possesses the
Bashtool for command execution andWebFetchfor network operations. - Sanitization: Absent; data from the dataset is directly interpolated into a string template using the
format_instructionfunction.
Audit Metadata