wandb-primary

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill facilitates data analysis using official Weights & Biases and Weave SDKs. All operations are consistent with the vendor's intended use-cases and infrastructure.
  • [DATA_EXFILTRATION]: The skill retrieves training history, metrics, and GenAI trace data from W&B APIs. These operations are conducted through authenticated SDK channels to official vendor endpoints.
  • [COMMAND_EXECUTION]: The agent is instructed to perform local environment discovery and manage Python dependencies using established tools like uv, pip, or poetry to ensure the environment is correctly configured.
  • [PROMPT_INJECTION]: The skill processes data from training logs and model traces, which represents an indirect prompt injection surface. Ingestion points include training run history and Weave call data (WANDB_SDK.md, WEAVE_SDK.md). While explicit boundary markers and sanitization are absent, the skill provides guidance on programmatic data summarization to minimize the impact on the agent's context. The agent's capabilities include subprocess execution and network communication via the vendor SDKs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 24, 2026, 08:47 AM