mutation-design-gfp
Fail
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches model weights, configuration files, and sequence data from an external university cloud storage service (cloud.tsinghua.edu.cn), which is not a verified software provider.
- [REMOTE_CODE_EXECUTION]: The skill uses `torch.load()` to process a downloaded checkpoint. This function is vulnerable to insecure deserialization attacks because it uses the Python `pickle` module internally. An attacker who controls the file at the remote URL could execute arbitrary code on the user's machine during the loading process.
Recommendations
- AI detected serious security threats
Audit Metadata