modal
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [Indirect Prompt Injection] (LOW): Documentation describes patterns for ingesting untrusted data through web endpoints and external storage, creating a potential surface for indirect prompt injection. Ingestion points: Web endpoints in
references/web-endpoints.mdand S3/Volume reads inreferences/examples.md. Boundary markers: Absent in provided examples. Capability inventory: Documentssubprocess.run(references/gpu.md),run_commands(references/images.md), and persistent storage writes (references/volumes.md). Sanitization: Absent in provided examples. - [Unverifiable Dependencies & Remote Code Execution] (LOW): Examples demonstrate cloning repositories and executing subprocesses as part of the primary platform workflow. Evidence:
references/images.mdusesgit clonefrommodal-labsandreferences/gpu.mdusessubprocess.run. Trust Status: Sources are associated with the platform's official organization, reducing severity per [TRUST-SCOPE-RULE]. - [Data Exposure & Exfiltration] (LOW): Documentation provides examples of mounting sensitive local directories like
~/.awsinto containers. This is a documented feature for credential management within the platform's legitimate use cases.
Audit Metadata