agent-evaluation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface. The skill processes MLflow traces which capture historical agent interactions, potentially including untrusted user inputs or model outputs.
  * Ingestion points: Agent traces read during Step 1 (Understand Agent Purpose) and Step 4 (Apply Scorers).
  * Boundary markers: Absent; no specific delimiters or instruction-ignore blocks are defined for trace ingestion.
  * Capability inventory: Bash (file exploration), Write (script generation), and WebFetch (documentation retrieval).
  * Sanitization: Absent; trace content is analyzed without explicit validation or escaping.
- COMMAND_EXECUTION (LOW): Dynamic code generation. The skill utilizes local template scripts (e.g., create_dataset_template.py) to generate executable Python code based on project files. While this creates a dynamic execution path, the instructions require the agent to 'review and execute' the scripts, providing a mitigation via human-in-the-loop oversight.
Audit Metadata