run-experiment
Warn
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute various commands for environment detection, GPU monitoring (nvidia-smi), and job management (screen), both locally and on remote targets.
- [REMOTE_CODE_EXECUTION]: Deploys and executes training scripts on remote servers via SSH and on rented Vast.ai instances.
- [EXTERNAL_DOWNLOADS]: Automatically triggers the installation of Python dependencies from a project's requirements.txt file on remote instances using pip.
- [DATA_EXFILTRATION]: Accesses potentially sensitive configuration files, including project-level CLAUDE.md and ~/.claude/feishu.json, which may contain sensitive API keys or connection details as described in the skill instructions.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted project data. Specifically:
  - Ingestion points: Reads project-specific files like CLAUDE.md, vast-instances.json, requirements.txt, and training scripts (SKILL.md).
  - Boundary markers: None implemented for the data read from project files.
  - Capability inventory: Uses Bash(*), Write, Edit, and SSH access to execute arbitrary commands and modify files (SKILL.md).
  - Sanitization: No escaping or validation is performed on the content extracted from the ingested files before using it in shell commands or script modifications.
Audit Metadata