agent-evaluator
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface. The scripts/agent_evaluator.py script processes untrusted user queries and file paths to generate a JSON payload containing 'IMPORTANT GUIDELINES'. These instructions are intended to be incorporated into the parent agent's context.
  - Ingestion points: User query and optional file path parameters passed as command-line arguments (sys.argv) to scripts/agent_evaluator.py.
  - Boundary markers: No explicit delimiters or boundary markers are used in the generated additional_context string to isolate the instructions from user-controlled input.
  - Capability inventory: While the script itself only outputs JSON to stdout, its recommendations control the activation of agents with broader capabilities, such as Git-Committer (git operations) and Instruction-Writer (file system modifications).
  - Sanitization: The script uses re.escape() for keyword matches, but performs regex-based intent matching directly on the raw user query, which could allow a crafted query to trigger specific agent activations or reasoning strings.
- [SAFE]: No hardcoded credentials, sensitive file access, or network exfiltration patterns were detected.
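The sanitization concern above can be sketched as follows. This is a hypothetical reconstruction, not the audited code: the keyword table, agent names, and the match_agents function are assumptions chosen to illustrate how escaping the keywords while matching against the raw query still lets any query containing a trigger word activate a privileged agent.

```python
import re

# Hypothetical keyword table; the real mapping in scripts/agent_evaluator.py
# is not shown in this audit.
AGENT_KEYWORDS = {
    "Git-Committer": ["commit", "push"],
    "Instruction-Writer": ["write instructions", "update docs"],
}

def match_agents(raw_query: str) -> list[str]:
    """Return agents whose keywords appear in the raw, unsanitized query."""
    activated = []
    for agent, keywords in AGENT_KEYWORDS.items():
        for kw in keywords:
            # re.escape() protects the keyword pattern itself, but the query
            # is matched as-is, so any query that merely mentions a keyword
            # activates the corresponding agent.
            if re.search(rf"\b{re.escape(kw)}\b", raw_query, re.IGNORECASE):
                activated.append(agent)
                break
    return activated

# A query crafted to look benign can still steer activation toward a
# powerful agent:
match_agents("summarize this file and then commit the result")
# → ["Git-Committer"]
```

Delimiting or stripping user text before intent matching (rather than matching the raw query) would narrow this surface.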
- [SAFE]: The skill relies entirely on the Python standard library. No external or unverifiable dependencies are required.
- [SAFE]: Dynamic code execution in scripts/run_tests.py and scripts/agent_evaluator.show_test-cases.py is restricted to loading local test modules from the skill's own directory, which is a standard practice for unit testing and does not pose a remote execution risk.
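The restriction described in this finding can be sketched as below. The function names (is_local_test_module, load_test_module) and the directory check are assumptions for illustration, not the audited scripts' actual code; the point is that dynamic loading is confined to files directly inside the skill's own directory.

```python
import importlib.util
from pathlib import Path

# In the real script this would be Path(__file__).resolve().parent;
# cwd is used here as a stand-in so the sketch runs anywhere.
SKILL_DIR = Path.cwd()

def is_local_test_module(path: Path, base: Path = SKILL_DIR) -> bool:
    """True only if the resolved path is a .py file directly inside base."""
    resolved = path.resolve()
    return resolved.parent == base.resolve() and resolved.suffix == ".py"

def load_test_module(name: str):
    """Dynamically load a test module, refusing anything outside SKILL_DIR."""
    candidate = SKILL_DIR / f"{name}.py"
    if not is_local_test_module(candidate):
        # Rejects traversal attempts such as "../evil" or absolute paths.
        raise ValueError(f"refusing to load module outside skill dir: {name}")
    spec = importlib.util.spec_from_file_location(name, candidate)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module
```

Because the candidate path is resolved before the containment check, a name like "../evil" resolves outside the skill directory and is rejected rather than loaded.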
Audit Metadata