Evals

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The files Graders/CodeBased/BinaryTests.ts and Graders/CodeBased/StaticAnalysis.ts utilize Bun's shell execution ($) to run commands specified in external task configuration YAML files. Specifically, params.test_command and params.commands are executed directly, which allows for arbitrary command injection and execution if a task file is malicious or becomes corrupted.
  • PROMPT_INJECTION (MEDIUM): The SKILL.md file contains a 'MANDATORY: Voice Notification' section that uses forceful language ('MUST', 'REQUIRED', 'not optional') to override agent behavior. It compels the agent to execute a curl command to localhost:8888 immediately upon invocation, which is a pattern commonly used in prompt injections to force side-channel actions.
  • DATA_EXFILTRATION (MEDIUM): The Graders/CodeBased/StateCheck.ts utility is designed to read and verify system state, including environment variables via params.check_env and file contents via params.check_files. While intended for testing, these capabilities can be used to expose sensitive system information (secrets, keys, or private files) if the task definitions are controlled by an attacker.
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill dynamically loads and executes logic from a 'customization' directory (~/.claude/skills/CORE/USER/SKILLCUSTOMIZATIONS/Evals/) if it exists, which could lead to persistent local code execution if that directory is tampered with.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:00 PM