training-llms-megatron

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were detected. The content is strictly technical and instructional.
  • Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths (e.g., SSH keys, AWS configs), or unauthorized network exfiltration patterns were found. Placeholders like '/path/to/data' are used appropriately for documentation.
  • Obfuscation (SAFE): No instances of Base64 encoding, zero-width characters, homoglyphs, or other obfuscation techniques were identified across any of the files.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references legitimate, well-known dependencies (megatron-core, torch, apex, transformer-engine) and uses trusted sources like NVIDIA's NGC container registry. There are no patterns of piped remote execution (e.g., curl|bash).
  • Privilege Escalation (SAFE): No commands requesting root access (sudo), modifying system services, or altering file permissions were found.
  • Persistence Mechanisms (SAFE): No attempts to create cron jobs, modify shell profiles, or establish startup persistence were detected.
  • Metadata Poisoning (SAFE): The metadata fields (name, description, author) accurately reflect the skill's content and do not contain deceptive instructions.
  • Indirect Prompt Injection (SAFE): While the skill describes processing external datasets, it provides standard training command templates without high-risk automated ingestion surfaces or vulnerable interpolation patterns.
  • Dynamic Execution (SAFE): No use of eval(), exec(), or runtime code generation from untrusted sources was found. The use of torchrun and sbatch is standard for the documented use case of distributed training.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:25 PM