high-performance-inference

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The script scripts/vllm-server.py (line 120) configures the vllm.LLM engine with trust_remote_code=True. This setting permits arbitrary Python code bundled with HuggingFace models to execute on the host system. This is an RCE vector if a user specifies a malicious model identifier via the MODEL_NAME environment variable.
  • Privilege Escalation (HIGH): The file references/edge-deployment.md provides instructions for running sudo commands (sudo nvpmodel, sudo jetson_clocks) to manage hardware performance. Promoting system-level modifications with elevated privileges is a high-risk practice.
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The documentation in references/edge-deployment.md encourages downloading software from unverified sources using git clone https://github.com/ggerganov/llama.cpp, which is not on the list of trusted repositories.
  • Indirect Prompt Injection (HIGH): The skill presents a high-risk attack surface for indirect prompt injection.
      ◦ Ingestion points: Model identifiers and configurations provided through environment variables in scripts/vllm-server.py, and external datasets used in references/quantization-guide.md.
      ◦ Boundary markers: No boundary markers or instructions to ignore embedded commands are present in the processing logic.
      ◦ Capability inventory: Includes arbitrary command execution via subprocess.Popen, file system modifications through model saving, and remote code execution via the trust_remote_code flag.
      ◦ Sanitization: There is no evidence of sanitization or origin validation for the models or datasets ingested by the skill.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:58 AM