runpod-deployment
Fail
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The deployment documentation in 'reference/cicd.md' provides shell commands that utilize 'sudo' to move a downloaded binary to the system path ('/usr/local/bin/'). This introduces a privilege escalation risk if executed by an automated agent.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions in 'reference/cicd.md' to fetch an external binary ('runpodctl') from a GitHub repository outside the author's primary domain using 'wget'.
- [REMOTE_CODE_EXECUTION]: Multiple files, including 'reference/model-deployment.md' and 'templates/runpod-worker.py', explicitly set 'trust_remote_code=True' when initializing models with the HuggingFace Transformers library. This allows the execution of arbitrary Python code included in the remote model repository, which is a significant security risk for untrusted models.
- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by processing untrusted user input without sufficient isolation.
- Ingestion points: Data enters the handler through 'job["input"]' in 'templates/runpod-worker.py'.
- Boundary markers: The skill lacks markers or system instructions to distinguish between operator commands and user-provided data within the prompt.
- Capability inventory: The associated workers have capabilities to perform network requests and interact with cloud infrastructure APIs.
- Sanitization: There is no evidence of filtering or escaping logic applied to the input text before it is used in model generation.
Recommendations
- AI detected serious security threats
Audit Metadata