llava
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the LLaVA repository from GitHub (haotian-liu/LLaVA) and model weights from Hugging Face (liuhaotian/llava-v1.5-7b). These are well-known and official sources for the project.
- [COMMAND_EXECUTION]: Provides instructions for running model servers, CLI interfaces, and training scripts using standard Python and bash commands. These are necessary and expected for the described vision-language tasks.
- [DATA_EXPOSURE_AND_EXFILTRATION]: Accesses local image files for vision processing, which is the primary function of the model. No unauthorized data access, sensitive file exposure, or exfiltration patterns were detected.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input in the form of images and user text. Ingestion points: Local image files and JSON training datasets. Boundary markers: None present in the code examples. Capability inventory: Shell execution for training and CLI usage, and file system write access for saving data. Sanitization: No explicit validation of image content or prompt safety is demonstrated in the snippets. This represents a standard capability risk for vision-language assistants.
Audit Metadata