osmo-agent
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches workflow examples and configuration templates from the official NVIDIA OSMO cookbook on GitHub (raw.githubusercontent.com/NVIDIA/OSMO). These downloads are used to assist users in creating valid job specifications and originate from a trusted vendor repository.
- [COMMAND_EXECUTION]: The skill uses the `osmo` CLI to manage cloud resources, including commands like `osmo pool list`, `osmo workflow submit`, and `osmo workflow logs`. It also generates `workflow.yaml` files locally and submits them for execution.
- [DATA_EXFILTRATION]: The skill can download output datasets from the OSMO cloud to the local filesystem via the `osmo dataset download` command, which is a standard feature for retrieving task results.
- [PROMPT_INJECTION]: The skill processes external templates and logs, which represents an indirect prompt injection surface. (1) Ingestion points: Fetches YAML and Markdown from GitHub and reads logs via `osmo workflow logs`. (2) Boundary markers: No explicit delimiters or ignore-instructions markers are used for external data. (3) Capability inventory: Subprocess execution via the `osmo` CLI and local file system access. (4) Sanitization: Content from templates and logs is processed without specific filtering or sanitization.