verl-rl-training

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The framework loads custom reward logic as a Python script from a filesystem path named in the configuration, and the module's top-level code runs when it is imported. Anyone who can edit the configuration file, or write to the path it names, therefore runs arbitrary Python code, and with it arbitrary commands, with the privileges of the training process.
  • Evidence: references/api-reference.md specifies a custom_reward_function config with a path: /path/to/reward.py that is loaded at runtime.
  • [COMMAND_EXECUTION] (LOW): The troubleshooting guide provides several shell commands that modify environment variables and start or restart Ray services; copied and run unread in a privileged context, they can change which GPUs and code paths the cluster sees.
  • Evidence: references/troubleshooting.md includes commands for ray start, export NCCL_DEBUG, and modifying PYTHONPATH or RAY_EXPERIMENTAL_NOSET_CUDA_VISIBLE_DEVICES.
  • [EXTERNAL_DOWNLOADS] (LOW): The documentation instructs the user to install external packages from PyPI with only a version range and no integrity check. A range resolves to whichever matching release is current at install time, so the installed artifact is not reproducible; pinning an exact version together with its hash (pip's --require-hashes mode) closes this.
  • Evidence: references/troubleshooting.md recommends pip install vllm>=0.8.2,<=0.12.0.
  • [DATA_EXFILTRATION] (LOW): The skill takes several file paths from configuration for data ingestion and output. No active exfiltration was detected, but the paths are not validated or confined to a base directory, so if the configuration is reachable from an untrusted interface they could be pointed at files the training process should not read or write.
  • Evidence: references/api-reference.md defines train_files: /path/to/train.parquet.
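The REMOTE_CODE_EXECUTION finding is about a loader that executes whatever file the configuration points at; the DATA_EXFILTRATION finding is the same path-trust problem applied to data files. The following is an added example written for this page, not verl's own code: it shows the permissive loader pattern beside a constrained one that confines the script path to an allow-listed directory (resolving symlinks and `..` before checking) and requires the file to match a digest pinned in version-controlled configuration. The config key names (custom_reward_function.path and .name), the entry-point name compute_score, the allowed directory and the digest are assumptions for illustration; the reward script and the tampering line are constructed inline.

```python
"""Custom reward loader: the permissive pattern the audit flags, beside a
constrained loader. Added example for this audit page; not verl's code.
Config key names, the allow-listed directory, the entry-point name and
the pinned digest are assumptions for illustration."""
import hashlib
import importlib.util
import os
import tempfile
import types

# Constructed reward script standing in for /path/to/reward.py.
REWARD_SRC = '''
def compute_score(solution_str, ground_truth):
    """Toy reward: 1.0 on exact match, else 0.0."""
    return 1.0 if solution_str.strip() == ground_truth.strip() else 0.0
'''


def load_reward_unchecked(path: str, name: str = "compute_score") -> types.FunctionType:
    """Permissive pattern: any file the config names is executed at import
    time with the training process's privileges."""
    spec = importlib.util.spec_from_file_location("custom_reward", path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)  # runs the file's top-level code
    return getattr(module, name)


def load_reward_checked(path: str, *, allowed_dir: str, expected_sha256: str,
                        name: str = "compute_score") -> types.FunctionType:
    """Constrained loader: the script must resolve to a location under
    allowed_dir (symlinks and '..' are resolved first) and must match a
    digest pinned in version-controlled config. A rewritten config path or
    a tampered file is refused before any of its code runs."""
    real_path = os.path.realpath(path)
    real_dir = os.path.realpath(allowed_dir)
    if os.path.commonpath([real_path, real_dir]) != real_dir:
        raise PermissionError(f"reward script outside allowed dir: {path}")
    with open(real_path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    if digest != expected_sha256:
        raise ValueError(f"reward script digest mismatch: {digest}")
    spec = importlib.util.spec_from_file_location("custom_reward", real_path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    fn = getattr(module, name, None)
    if not callable(fn):
        raise AttributeError(f"{name} not found or not callable in {path}")
    return fn


def demo() -> dict:
    """Exercise both loaders on the constructed script and report outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        allowed = os.path.join(root, "rewards")
        os.makedirs(allowed)
        script = os.path.join(allowed, "reward.py")
        with open(script, "wb") as f:
            f.write(REWARD_SRC.encode())
        pinned = hashlib.sha256(REWARD_SRC.encode()).hexdigest()

        # Both loaders accept the legitimate script.
        results["unchecked_score"] = load_reward_unchecked(script)("42", "42")
        checked = load_reward_checked(script, allowed_dir=allowed, expected_sha256=pinned)
        results["checked_score"] = checked("42", "41")

        # A config path pointing outside the allow-listed directory is refused.
        outside = os.path.join(root, "reward.py")
        with open(outside, "wb") as f:
            f.write(REWARD_SRC.encode())
        try:
            load_reward_checked(outside, allowed_dir=allowed, expected_sha256=pinned)
            results["escape_blocked"] = False
        except PermissionError:
            results["escape_blocked"] = True

        # A file modified after the digest was pinned is refused (constructed tamper).
        with open(script, "ab") as f:
            f.write(b"\nimport os; os.system('id')\n")
        try:
            load_reward_checked(script, allowed_dir=allowed, expected_sha256=pinned)
            results["tamper_blocked"] = False
        except ValueError:
            results["tamper_blocked"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The same realpath-plus-commonpath containment check applies unchanged to the train_files and output paths from the DATA_EXFILTRATION finding; the digest pin is specific to code that will be executed.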
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 08:03 AM