skypilot-multi-cloud-orchestration

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill instructs the user to install skypilot and related machine learning libraries from standard package registries. These are well-known and legitimate tools.
  • [COMMAND_EXECUTION] (SAFE): The skill demonstrates how to use SkyPilot to launch clusters and run distributed training jobs. These operations involve standard shell command execution for infrastructure orchestration.
  • [DATA_EXFILTRATION] (SAFE): The documentation mentions handling cloud credentials and environment variables (e.g., HF_TOKEN, WANDB_API_KEY). However, it does not contain any logic to extract or send these secrets to unauthorized external locations.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill describes features that ingest data from external sources, creating a potential attack surface.
      • Ingestion points: Git repositories specified in workdir and cloud storage buckets (S3/GCS) specified in file_mounts, in both SKILL.md and references/advanced-usage.md.
      • Boundary markers: Absent; the configurations do not specify markers to distinguish trusted from untrusted content within these external sources.
      • Capability inventory: The skill allows arbitrary shell command execution via the run and setup blocks in the YAML configurations.
      • Sanitization: Absent; there is no mention of validating or sanitizing content pulled from remote repositories or buckets before it is executed.
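The finding above lists the ingestion points (workdir, file_mounts), the capability (setup/run shell blocks) and the missing sanitization, but not how to check a concrete task spec for the combination. The script below is an added example, not SkyPilot's own tooling or part of the audited skill: it takes a task spec as a dict (what yaml.safe_load returns for a task YAML), locates every remotely fetched source, and reports each setup/run line that executes or reads from one, escalating when secret-looking envs (the HF_TOKEN / WANDB_API_KEY pattern the DATA_EXFILTRATION item mentions) are exported into the same shell. The sample task, the bucket and repository names, and the treatment of a URL-valued workdir (string or `{url: ..., ref: ...}`) as remotely fetched are constructed assumptions for the example.

```python
"""Lint a SkyPilot task spec for untrusted content that reaches the shell.

Added example (not SkyPilot's own tooling). Input is the dict form of a task
YAML; the fields read are workdir, file_mounts, envs, setup and run.
"""
import re

# Bucket schemes SkyPilot mounts or copies from cloud storage.
REMOTE_URI = re.compile(r"^(s3|gs|r2|cos)://")
# Assumption: a workdir given as a URL string, or as {url: ..., ref: ...},
# is fetched on the cluster rather than synced from the operator's machine.
GIT_URL = re.compile(r"^(git@|https?://)")
SECRET_NAME = re.compile(r"TOKEN|SECRET|KEY|PASSWORD|CREDENTIAL", re.I)
# Leading tokens that execute or install whatever path follows them.
EXECUTES = re.compile(r"^(bash|sh|source|\.|python3?|pip3? install -r)\s+")


def remote_workdir(task):
    """Return the remote source of `workdir`, or None for a local directory."""
    wd = task.get("workdir")
    if isinstance(wd, dict):
        wd = wd.get("url")
    return wd if isinstance(wd, str) and GIT_URL.match(wd) else None


def remote_mounts(task):
    """Map mount destination -> remote source for every cloud-bucket file_mount.

    Entries whose source is a local path are synced from the operator's
    machine and are not counted as external ingestion points."""
    mounts = {}
    for dst, src in (task.get("file_mounts") or {}).items():
        if isinstance(src, dict):          # {source: ..., mode: MOUNT|COPY} form
            src = src.get("source", "")
        if isinstance(src, str) and REMOTE_URI.match(src):
            mounts[dst] = src
    return mounts


def script_lines(task, phase):
    """Non-empty, non-comment lines of the `setup` or `run` script."""
    text = task.get(phase) or ""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.strip().startswith("#")]


def audit_task(task):
    """Return findings as dicts with severity, phase, source and reason."""
    findings = []
    wd = remote_workdir(task)
    mounts = remote_mounts(task)
    for phase in ("setup", "run"):
        lines = script_lines(task, phase)
        if lines and wd:
            # The script's cwd is the synced workdir, so `python train.py` or
            # `pip install -r requirements.txt` runs whatever the repo holds.
            findings.append({"severity": "high", "phase": phase, "source": wd,
                             "reason": "shell runs inside a remotely fetched workdir"})
        for ln in lines:
            for dst, src in mounts.items():
                if dst not in ln:
                    continue
                m = EXECUTES.match(ln)
                if m and ln[m.end():].startswith(dst):
                    sev, why = "high", "executes content from a cloud mount"
                else:
                    sev, why = "medium", "reads data from a cloud mount"
                findings.append({"severity": sev, "phase": phase,
                                 "source": src, "reason": why})
    if findings:
        # Untrusted content plus exported credentials is the exfiltration path.
        secrets = sorted(k for k in (task.get("envs") or {}) if SECRET_NAME.search(k))
        if secrets:
            findings.append({"severity": "high", "phase": "envs",
                             "source": ",".join(secrets),
                             "reason": "secrets exported into a shell that runs untrusted content"})
    return findings


def risk_level(findings):
    """Collapse findings to low / medium / high."""
    rank = {"high": 2, "medium": 1}
    top = max((rank.get(f["severity"], 0) for f in findings), default=0)
    return {2: "high", 1: "medium", 0: "low"}[top]


# Constructed sample task in the shape the audited skill documents.
SAMPLE_TASK = {
    "name": "train",
    "workdir": "https://github.com/example-org/trainer.git",   # hypothetical repo
    "file_mounts": {
        "/data": "s3://example-bucket/datasets",                 # hypothetical bucket
        "/checkpoints": {"source": "gs://example-bucket/ckpt", "mode": "MOUNT"},
        "~/.netrc": "~/.netrc",                                  # local, not external
    },
    "envs": {"HF_TOKEN": "", "WANDB_API_KEY": "", "EPOCHS": "3"},
    "setup": "pip install -r requirements.txt\nbash /data/prepare.sh",
    "run": "python train.py --data /data --out /checkpoints",
}

if __name__ == "__main__":
    for f in audit_task(SAMPLE_TASK):
        print(f"[{f['severity']}] {f['phase']}: {f['reason']} ({f['source']})")
    print("overall:", risk_level(audit_task(SAMPLE_TASK)))
```

The two severities separate the cases the finding conflates: a mount that is only read (`--data /data`) is an input to the model and a prompt-injection surface, while a mount or workdir whose contents are executed (`bash /data/prepare.sh`, any command in a remotely fetched workdir) is direct command execution by whoever controls the bucket or repository; pin the repository to a commit and the bucket to versioned, write-restricted objects before treating either as trusted.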
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:17 PM