run-train

Warn

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: scripts/run_training.py passes the string supplied via the --command argument to subprocess.run. This is the skill's core function, but it means whoever controls that argument (the agent, or anything able to steer the agent) can run arbitrary shell commands on the host with the agent's privileges, with no restriction on what may be executed.
  • [DYNAMIC_EXECUTION]: scripts/write_outputs.py uses importlib.util to load and execute a Python module from a computed relative path, ../../../shared/scripts/write_run_bundle.py. That file sits outside the skill's own directory and outside the analyzed bundle, so this audit cannot vouch for its contents; anything able to write to that path, or to install the skill at a depth where the relative path resolves somewhere else, gets code execution in the skill's process at runtime.
  • [DATA_EXPOSURE]: scripts/run_training.py captures all stdout and stderr from the training process and writes it to train_outputs/LOG.md. Any secret the training command or its environment prints to the console (API keys, tokens, internal paths) is therefore persisted to disk and handed to the agent as input, where it may be echoed further or acted upon.
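The three findings above share one remediation shape: constrain what --command may launch, scrub console output before it is persisted, and refuse to execute a shared module that is not the one the bundle was audited with. The block below is an added example, not code from the run-train skill or from Gen Agent Trust Hub. Everything in it is assumed: the names parse_command, command_allowed, redact, run_training, load_pinned_module and the two demo_* functions; the hypothetical policy that --command must be a Python interpreter followed by a .py file under a given root; the constructed SECRET_PATTERNS list; the stand-in training script and the stub shared module written into a temporary directory; and the choice to replace importlib's spec_from_file_location with an exec of bytes that were hashed first.

```python
import hashlib
import os
import re
import shlex
import subprocess
import sys
import tempfile
import types
from pathlib import Path

# Hypothetical --command policy (not the skill's own rule): a Python interpreter plus a .py
# file under script_root. Rejecting anything else blocks -c, -m and ../ escapes.
INTERPRETER = re.compile(r"python(3(\.\d+)?)?(\.exe)?")

SECRET_PATTERNS = [  # constructed redaction rules applied before output reaches LOG.md
    (re.compile(r"(?i)(api[_-]?key|token|secret|password)\s*[=:]\s*\S+"), r"\1=<REDACTED>"),
    (re.compile(r"(?i)\bBearer\s+[A-Za-z0-9._\-]+"), "Bearer <REDACTED>"),
]


def parse_command(command: str, script_root) -> list[str]:
    """Split --command into argv without a shell and enforce the policy above."""
    argv = shlex.split(command)
    if len(argv) < 2 or not INTERPRETER.fullmatch(Path(argv[0]).name):
        raise ValueError(f"executable not allowed: {command!r}")
    script = Path(argv[1]).resolve()
    if script.suffix != ".py" or not script.is_relative_to(Path(script_root).resolve()):
        raise ValueError(f"script not allowed: {argv[1]!r}")
    return argv


def command_allowed(command: str, script_root) -> bool:
    try:
        parse_command(command, script_root)
        return True
    except ValueError:
        return False


def redact(text: str) -> str:
    for pattern, replacement in SECRET_PATTERNS:
        text = pattern.sub(replacement, text)
    return text


def run_training(argv: list[str], log_path: Path, env=None, timeout=3600) -> str:
    """Run argv with shell=False, capture stdout/stderr, redact, persist; return the log."""
    proc = subprocess.run(argv, capture_output=True, text=True, env=env, timeout=timeout)
    log = f"# exit code: {proc.returncode}\n\n## stdout\n{redact(proc.stdout)}\n## stderr\n{redact(proc.stderr)}\n"
    log_path.parent.mkdir(parents=True, exist_ok=True)
    log_path.write_text(log)
    return log


def load_pinned_module(path, allowed_root, expected_sha256: str) -> types.ModuleType:
    """Execute a module from disk only if it lies inside allowed_root and matches a pinned hash."""
    resolved = Path(path).resolve()
    if not resolved.is_relative_to(Path(allowed_root).resolve()):
        raise PermissionError(f"{resolved} is outside {allowed_root}")
    source = resolved.read_bytes()  # the bytes hashed are the bytes executed (no TOCTOU)
    if hashlib.sha256(source).hexdigest() != expected_sha256:
        raise ValueError("module content does not match the pinned hash")
    module = types.ModuleType(resolved.stem)
    exec(compile(source, str(resolved), "exec"), module.__dict__)
    return module


def demo_run_training() -> str:
    # Constructed training stand-in that echoes a fake key to stdout; returns the redacted log.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        script = root / "train.py"
        script.write_text('import os\nprint("loading API_KEY=" + os.environ["FAKE_API_KEY"])\n'
                          'print("epoch 1 done")\n')
        argv = parse_command(shlex.join([sys.executable, str(script), "--epochs", "1"]), root)
        env = {**os.environ, "FAKE_API_KEY": "sk-live-constructed-0000"}
        return run_training(argv, root / "train_outputs" / "LOG.md", env=env)


def demo_dynamic_import() -> tuple:
    """Pinned loader: accepts the matching file, rejects an outside path and a tampered file."""
    with tempfile.TemporaryDirectory() as tmp:
        shared = Path(tmp) / "shared"
        shared.mkdir()
        module_file = shared / "write_run_bundle_stub.py"
        module_file.write_text("VALUE = 42\n")
        pinned = hashlib.sha256(module_file.read_bytes()).hexdigest()
        value = load_pinned_module(module_file, shared, pinned).VALUE
        try:
            load_pinned_module(Path(tmp) / "outside.py", shared, pinned)
            outside_rejected = False
        except PermissionError:
            outside_rejected = True
        module_file.write_text("VALUE = 43\n")  # simulate a tampered shared file
        try:
            load_pinned_module(module_file, shared, pinned)
            tampered_rejected = False
        except ValueError:
            tampered_rejected = True
        return value, outside_rejected, tampered_rejected
```

Two caveats a reviewer would raise against this example itself. Allowlisting the interpreter alone is not a control, since `python -c` and `python -m` hand it arbitrary code; that is why the policy also pins the script to a .py file under the skill's tree. The redaction list is a denylist and will miss secrets that do not look like the patterns it knows, so it is a backstop for the log, not a substitute for keeping credentials out of the training process's environment. For the shared module, the clean fix is to vendor write_run_bundle.py into the bundle so the audit covers it; hash pinning is the fallback when the file must stay external.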
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 4, 2026, 11:13 AM