mutation-design-aav
Fail
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches sequences, model weights, and configuration files from external URLs hosted on a university file-sharing platform (cloud.tsinghua.edu.cn).
- [REMOTE_CODE_EXECUTION]: The workflow involves loading a downloaded model checkpoint using torch.load. This function is insecure as it relies on the pickle module, which can execute arbitrary code embedded in a malicious file.
- [COMMAND_EXECUTION]: The agent is directed to execute Python code that processes these downloaded external files, potentially allowing for system compromise if the files contain malicious payloads.
Recommendations
- AI detected serious security threats
Audit Metadata