stable-baselines3
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [Remote Code Execution] (MEDIUM): The templates in scripts/evaluate_agent.py and scripts/train_rl_agent.py use model-loading functions from the stable_baselines3 library. These functions use the Python pickle module to deserialize saved model states. Unpickling untrusted data can execute arbitrary code, so loading a model file from an untrusted source can run attacker-supplied code.
- [Command Execution] (LOW): The scripts/train_rl_agent.py script uses SubprocVecEnv to parallelize environment instances. This involves spawning and managing multiple Python subprocesses, which is a standard but potentially powerful process-management capability.
Audit Metadata