stable-baselines3

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The script scripts/evaluate_agent.py contains calls to PPO.load(model_path) at lines 49 and 115. Stable Baselines3 uses the pickle module to load models, which is inherently unsafe when handling data from untrusted sources. An attacker could provide a malicious model file that executes arbitrary code upon being loaded by these evaluation scripts. While this is a standard workflow for RL researchers, it represents a significant security risk if models are obtained from external or unverified repositories.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:24 PM