cuda-kernel-refine
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill suggests executing commands with root privileges to bypass hardware restrictions and modify system state.
- Evidence: Suggests running 'sudo ncu' to access GPU performance counters.
- Evidence: Instructs the user to run 'sudo sh -c' to write to '/etc/modprobe.d/ncu-permissions.conf', which modifies kernel module parameters.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it analyzes and acts upon untrusted data from the local project environment.
- Ingestion points: Reads 'Makefile', 'README', 'CI scripts', and benchmark output (JSON/stdout) to determine execution targets.
- Boundary markers: Absent; there are no instructions to disregard embedded commands in the files it reads.
- Capability inventory: Includes high-privilege execution via sudo, as well as nsys, ncu, nvcc, sqlite3, make, cargo, and pytest.
- Sanitization: Absent; the skill directly adopts targets and parameters found in project metadata.
Recommendations
- AI detected serious security threats
Audit Metadata