Skills
skills/yonatangross/orchestkit/llm-integration/Gen Agent Trust Hub

llm-integration

Warn

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/dpo-training.py utilizes the trust_remote_code=True parameter within the AutoModelForCausalLM.from_pretrained and AutoTokenizer.from_pretrained methods. This setting allows the execution of custom Python code defined within a remote model's repository, posing a risk if the model source is untrusted or compromised.
  • [EXTERNAL_DOWNLOADS]: The setup guide in rules/local-ollama-setup.md provides an installation command that pipes a remote script from https://ollama.ai/install.sh directly into the shell. While Ollama is a well-known service, this pattern is inherently risky as it executes remote code without prior local inspection.
  • [DATA_EXFILTRATION]: The configuration script scripts/create-lora-config.md includes commands to search for model-related variables within .env files using grep. Because environment files frequently contain sensitive credentials and secrets, accessing them programmatically increases the risk of unintended data exposure.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 26, 2026, 05:31 PM