ml-training-recipes
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: In references/architecture.md, the code demonstrates fetching and executing code from the kernels-community/flash-attn3 repository using a get_kernel function, which constitutes unverified remote code execution from a source outside the verified scope.
- [EXTERNAL_DOWNLOADS]: The references/experiment-loop.md file references an import of rustbpe, a non-standard and unverifiable Python package that is not available in primary public registries.
- [COMMAND_EXECUTION]: The autonomous experiment workflow in references/experiment-loop.md instructs the agent to modify source code (train.py) and execute shell commands including git commit, git reset, and training script invocation, creating a significant capability surface for exploitation.
- [PROMPT_INJECTION]: The skill is designed to process data from external sources (train_loader, data_source) while having file-writing and shell-execution capabilities.
- Ingestion points: Data ingestion via train_loader in SKILL.md and data_source in references/experiment-loop.md.
- Boundary markers: None identified; no instructions exist to isolate processed data from the agent's control flow.
- Capability inventory: The skill can write scripts, execute shell commands, and terminate processes via exit() calls.
- Sanitization: No validation or sanitization of ingested data or the resulting code modifications is present.