agent-data-ml-model
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill explicitly allows and supports the use of '.pkl' (Pickle) files for model serialization. Loading untrusted pickle files via 'pickle.load()' is a known vector for arbitrary code execution if the file is maliciously crafted.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted external data sources while possessing high-privilege capabilities like 'Bash' and 'Write'.
  1. Ingestion points: Files located in 'data/' and 'notebooks/'.
  2. Boundary markers: Absent; no specific instructions are provided to treat ingested data content as untrusted.
  3. Capability inventory: 'Bash', 'Write', 'Edit', 'MultiEdit', 'NotebookRead', 'NotebookEdit'.
  4. Sanitization: Absent; no mention of data validation or sanitization routines.
- [Unverifiable Dependencies & Remote Code Execution] (LOW): Lifecycle hooks ('pre_execution' and 'post_execution') execute shell commands using 'Bash' and 'python -c' to perform environment checks and file discovery. While these specific instances are used for initialization, they confirm the active use of local command execution capabilities.
Audit Metadata