tinker-training-cost
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- Remote Code Execution (HIGH): The skill documentation and provided code snippets explicitly use the 'trust_remote_code=True' parameter with 'AutoTokenizer.from_pretrained'. This is a known security risk that allows the execution of arbitrary Python code contained within a Hugging Face model repository. An attacker could provide a malicious model path to execute code on the host system.
- Unverifiable Dependencies (MEDIUM): The skill refers to and instructs the user/agent to run 'scripts/calculate_cost.py'. This script is not provided in the source files, making its behavior unverifiable and potentially dangerous if it performs unsafe operations.
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted external data (JSONL datasets). 1. Ingestion points: training_data.jsonl file. 2. Boundary markers: None present to distinguish data from instructions. 3. Capability inventory: Script execution via Python, network access to Hugging Face, and remote code execution via tokenizer loading. 4. Sanitization: None mentioned for the input dataset.
Recommendations
- AI detected serious security threats
Audit Metadata