eve-job-lifecycle
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- SAFE (SAFE): No malicious logic, hardcoded credentials, or unauthorized network operations were found. The skill consists entirely of instructional markdown.
- Indirect Prompt Injection (LOW): The skill processes untrusted user data through CLI arguments, creating a potential surface for indirect prompt injection.
- Ingestion points: Job descriptions and summaries in
SKILL.md(e.g.,--descriptionand--summaryflags). - Boundary markers: Absent; there are no instructions for the agent to use delimiters or ignore embedded instructions within user text.
- Capability inventory: Job creation, updates, and dependency management via the
eveCLI tool. - Sanitization: Absent; the skill does not specify escaping or validation for user-provided strings before they are passed to the CLI.
Audit Metadata