ml-engineer
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMSAFE
Full Analysis
- Dynamic Execution (MEDIUM): The skill recommends the 'Pickle' format for model deployment and serialization.
- Evidence: The instructions in 'SKILL.md' state to 'Export models to standard formats (ONNX, Pickle, SavedModel)'.
- Risk: The Python 'pickle' module is insecure because it can execute arbitrary code during the deserialization process. Loading an untrusted pickle file can lead to host compromise.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process data from external files, which represents a potential attack surface.
- Ingestion points: The skill reads data from 'data.csv' using 'pandas.read_csv()'.
- Boundary markers: There are no instructions defining delimiters or boundary markers to prevent the model from interpreting instructions embedded within the data files.
- Capability inventory: The agent is equipped with the capability to execute Python code for data processing and model training.
- Sanitization: No sanitization or validation of the input data is suggested before it is processed by the training pipeline.
Audit Metadata