megatron-memory-estimator

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The scripts/setup_env.sh file installs several Python packages (e.g., mbridge, megatron-core, einops) using pip. These packages are not from the trusted organization list provided in the security guidelines.
  • REMOTE_CODE_EXECUTION (MEDIUM): The SKILL.md file recommends installing the Megatron-LM library directly from a remote GitHub repository (https://github.com/NVIDIA/Megatron-LM.git). Since the NVIDIA organization is not on the whitelist of trusted GitHub organizations, this constitutes an unverifiable remote dependency.
  • EXTERNAL_DOWNLOADS (MEDIUM): The documentation describes scripts/estimate_from_hf.py as the primary entry point, but this file is missing from the skill payload. This prevents a full security review of the script that handles external model configurations.
  • SAFE (SAFE): A review of the included Python files (base.py, gpt_model.py) shows they are focused on model architecture analysis and memory estimation. No signs of prompt injection, data exfiltration, or obfuscation were detected in the provided code logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:30 PM