engineering-ml-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion surfaces.
  - Ingestion points: The script `scripts/analyze_dataset.py` reads user-provided CSV files for analysis. Reference patterns in `references/classical-ml.md` and `references/transformers-patterns.md` perform data loading from CSV and JSON formats.
  - Boundary markers: No boundary markers or delimiters are implemented to separate data from instructions within the processed datasets.
  - Capability inventory: The skill can execute local scripts (`scripts/analyze_dataset.py`), write files to disk (model exports in `references/deployment.md`), and perform network operations (fetching models/datasets from HuggingFace).
  - Sanitization: No validation or filtering is performed on data content to prevent instruction hijacking.
- [REMOTE_CODE_EXECUTION]: Reference patterns include the use of `joblib.load` for model persistence, which poses a risk of arbitrary code execution if an agent is induced to load an untrusted model file.
  - Evidence: The file `references/classical-ml.md` provides a `load_model` utility that uses `joblib.load` to deserialize model artifacts.
- [EXTERNAL_DOWNLOADS]: The skill references and downloads models and datasets from well-known and trusted platforms.
  - Evidence: Patterns in `references/fine-tuning.md` and `references/transformers-patterns.md` utilize `from_pretrained` and `load_dataset` to fetch assets from HuggingFace.
Audit Metadata