skill-evaluator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill instructs the agent to run a local script 'scripts/validate_skill.py' for automated validation. Since the source code for this script is not included in the provided files, its internal security cannot be verified, though its context suggests benign structural checks.
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because its primary purpose is to process and evaluate untrusted data from other skills. Evidence:
      (1) Ingestion points: The agent reads the 'SKILL.md' and referenced files of an external skill from a user-provided path.
      (2) Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the evaluation workflow.
      (3) Capability inventory: The skill has the capability to execute local scripts and perform file system reads.
      (4) Sanitization: There is no documented sanitization or filtering of the ingested skill content before analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:56 PM