ds-eval
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes natural language descriptions from other skills as data for evaluation. If a sibling skill contains malicious instructions in its description, it could potentially influence the agent's behavior during the matching process.
  - Ingestion points: Frontmatter 'description' fields from SKILL.md files in sibling directories and the eval/triggering-tests.yaml file.
  - Boundary markers: Absent; the logic does not employ delimiters or specific instructions to ignore embedded directives within the ingested data.
  - Capability inventory: The skill is configured with the Read tool to access the local file system.
  - Sanitization: No sanitization or validation of the ingested text is performed before it is used in the comparison logic.
- [COMMAND_EXECUTION]: The skill uses a shell command pattern (!cat) to retrieve the contents of a test file. While intended for loading context, this demonstrates a reliance on command-line execution patterns even though only the Read tool is explicitly permitted in the frontmatter configuration.
Audit Metadata