fine-tuning-openvla-oft
Status: Warn
Audited by Snyk on Mar 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). SKILL.md and the referenced workflow docs explicitly require cloning public GitHub repositories and fetching public Hugging Face checkpoints and datasets (e.g., git clone https://github.com/moojink/openvla-oft.git, pretrained_checkpoint moojink/..., and an optional git@hf.co dataset). These external, user-generated artifacts are loaded at runtime (e.g., vla-scripts/deploy.py loads the checkpoint and serves /act), so they can materially influence model behavior and tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly clones and runs code from external git repositories at runtime (e.g., "git clone https://github.com/moojink/openvla-oft.git" and "git clone https://github.com/Lifelong-Robot-Learning/LIBERO.git"). The fetched code is then executed as Python scripts, so these URLs are runtime dependencies capable of executing remote code.
Issues (2)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).