model-deployment

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill instructs the user to execute a remote script using curl -fsSL https://ollama.ai/install.sh | sh.
  • Evidence: Found in the 'Ollama (Local Deployment)' section of SKILL.md.
  • Reasoning: Executing piped web content is a significant security risk as the source (ollama.ai) is not within the defined trusted organization scope and the content could be modified to execute malicious code on the host system.
  • COMMAND_EXECUTION (MEDIUM): The skill provides multiple instructions for running arbitrary commands and services with high privileges.
  • Evidence: docker run --gpus all and python -m vllm.entrypoints.openai.api_server.
  • Context: These are necessary for the skill's primary purpose of model deployment, but they involve running external images and starting network-accessible servers.
  • INDIRECT_PROMPT_INJECTION (LOW): The FastAPI implementation creates a surface for indirect prompt injection.
  • Ingestion points: The GenerateRequest.prompt field in the FastAPI server (file: SKILL.md).
  • Boundary markers: None present in the code; the prompt is passed directly to the tokenizer.
  • Capability inventory: The model generates text based on the input, which can be used to influence downstream agent behavior if the output is processed further.
  • Sanitization: No input validation or sanitization is performed on the prompt string before inference.
Recommendations
  • HIGH: Downloads and executes remote code from: https://ollama.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:47 PM