tensorrt-llm

skills-sh:davila7_claude-code-templates__tensorrt-llm

View source

92/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

92/100

MEDIUM 1

LOW 1

Findings (2)

MEDIUM

Docker pull and run untrusted image EXTDL_015

external-download L32

Detects pulling and running Docker images from external registries

docker
pull nvidia/tensorrt_llm

FIX

Pin Docker images to a specific digest (e.g., image@sha256:abc...) instead of using mutable tags like :latest. Use trusted base images from verified publishers.

FP?

Likely FP if the Docker command pulls a well-known official image (e.g., docker pull python:3.11) in setup documentation.

LOW

pip install arbitrary package EXTDL_009

external-download L34

Detects pip install of arbitrary packages that modify the host environment

pip install
pi

FIX

Pin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.

FP?

Likely FP if the match is in documentation showing how to install the skill's own PyPI package.