Skills
skills/pluginagentmarketplace/custom-plugin-ai-data-scientist/computer-vision/Gen Agent Trust Hub

computer-vision

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill uses automated functions to download pre-trained machine learning models at runtime.
  • Evidence: SKILL.md contains torch.hub.load('pytorch/vision:v0.10.0', ...) and YOLO('yolov8n.pt') which fetch model weights and scripts from external servers.
  • Context: The downloads originate from trusted organizations (PyTorch and Ultralytics). Per the [TRUST-SCOPE-RULE], these findings are downgraded to LOW.
  • REMOTE_CODE_EXECUTION (LOW): The torch.hub.load function dynamically executes a configuration script from a remote GitHub repository.
  • Evidence: Found in SKILL.md line 147: model = torch.hub.load('pytorch/vision:v0.10.0', ...).
  • Context: This is a standard but technically dynamic execution pattern. It is considered low risk because it targets a verified repository from a trusted organization (pytorch).
  • FALSE POSITIVE (SAFE): The automated scan alert for the URL 'box.co' was investigated and determined to be an error.
  • Evidence: Analysis of the code reveals no malicious links. The scanner likely misidentified the Python variable access box.conf (representing 'bounding box confidence' in SKILL.md) as the shortened URL 'box.co'.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:07 PM