model-quantization
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill uses subprocess.run to call the quantize binary. It provides examples of secure execution using environment isolation and path validation.
- [DATA_EXFILTRATION] (SAFE): The automated scanner alert for logger.info is a false positive. No actual network connections to untrusted or blacklisted domains are made.
- [SAFE] (SAFE): The skill demonstrates best practices by including a ModelVerifier for SHA256 integrity checks and a validate_model_path function to prevent directory traversal attacks.
- [PROMPT_INJECTION] (LOW): There is a potential surface for indirect prompt injection in the QualityAnalyzer if test_prompts are sourced from untrusted users, but this is a standard risk for model testing tools.
Recommendations
- Contains 1 malicious URL - DO NOT USE
Audit Metadata