agent-eval
Fail
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a Python package directly from a third-party GitHub repository (joaquinhuigomez/agent-eval) rather than an official registry or a verified source.
- [REMOTE_CODE_EXECUTION]: By recommending installation via 'pip install git+', the skill allows for the execution of arbitrary code contained within the remote repository's installation scripts or the package code itself.
- [COMMAND_EXECUTION]: The core functionality of the agent-eval tool involves executing arbitrary shell commands, such as build scripts or test runners, that are provided in YAML task definitions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes YAML task files which can contain malicious commands.
  * Ingestion points: YAML configuration files within the 'tasks/' directory.
  * Boundary markers: There are no delimiters or instructions to the agent to ignore potentially malicious embedded instructions in the task files.
  * Capability inventory: The skill utilizes powerful tools including 'Bash' and 'Write', and the CLI tool itself executes subprocesses.
  * Sanitization: No sanitization or validation is performed on the commands extracted from the YAML files before they are passed to the system shell.
Recommendations
- AI detected serious security threats
Audit Metadata