tinker
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The skill relies on the external Python packages
tinkerandtinker-cookbook. These are provided by Thinking Machines Lab, which is not among the whitelisted trusted sources. - [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to indirect prompt injection due to its core function of processing untrusted data. 1. Ingestion points: The skill uses
datasets.load_datasetand local.jsonlfiles (e.g., inreferences/recipes.mdandreferences/supervised-learning.md) to load training examples. 2. Boundary markers: No delimiters or explicit instruction-filtering logic is present to separate dataset content from training control mechanisms. 3. Capability inventory: The skill can execute network-based training operations (forward_backward) and perform file system writes for checkpoints and logs (save_state). 4. Sanitization: There is no evidence of sanitization or validation of the text content within the ingested datasets before they are processed by the training pipeline.
Recommendations
- AI detected serious security threats
Audit Metadata