skill-forge-eval
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts, specifically scripts/generate_eval_set.py and scripts/aggregate_benchmark.py, to automate the generation of test sets and the aggregation of results.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads and processes instructions and data from external, potentially untrusted sources such as other skills' SKILL.md files and evals.json configuration files.
  * Ingestion points: Processes SKILL.md content from the skill being evaluated (Step 1b) and reads evaluation definitions from evals/evals.json or user-provided files (Step 1).
  * Boundary markers: The instructions do not specify any delimiters or warnings to prevent the agent from obeying instructions embedded within the data being evaluated.
  * Capability inventory: The skill possesses the ability to execute shell commands (via Python scripts), write multiple JSON and Markdown files to the filesystem, and delegate task execution to sub-agents (executor, grader, analyzer).
  * Sanitization: No evidence of sanitization, validation, or escaping of the ingested data is present before it is used in script arguments or sub-agent prompts.
Audit Metadata