uv-tensorrt-llm
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill documentation describes processing user-supplied prompts through the
LLM.generatemethod and thetrtllm-serveAPI, which constitutes an indirect prompt injection surface where external data could contain malicious instructions. - Ingestion points: Prompt input strings in
SKILL.mdand the chat completions API request bodies inreferences/serving.md. - Boundary markers: Not specified in the provided examples.
- Capability inventory: The skill is limited to performing model inference and network serving; it does not demonstrate broad system access or arbitrary code execution capabilities based on user input.
- Sanitization: No specific input validation or sanitization routines are documented.
- [COMMAND_EXECUTION]: The documentation includes standard operational commands for environment setup, such as
pip installfor dependency management anddocker pullfor retrieving official NVIDIA images. It also details the use of thetrtllm-servecommand-line utility for production serving. - [EXTERNAL_DOWNLOADS]: The skill facilitates the download of pre-trained model weights from HuggingFace and infrastructure components from the official NVIDIA Docker registry. These are well-known technology services and are documented neutrally as part of the standard deployment workflow.
- [REMOTE_CODE_EXECUTION]: The skill involves the dynamic compilation of optimized inference engines from model definitions at runtime via the
trtllm-serveutility. This runtime compilation is a core architectural requirement of the TensorRT-LLM library to achieve target performance on specific GPU hardware.
Audit Metadata