eve-orchestration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Surface.
- Ingestion points: The skill retrieves external data using
eve job current --jsoninSKILL.md. - Boundary markers: The skill suggests using a descriptive template (Scope, Deliverable, Context) but does not provide instructions for escaping or sanitizing interpolated data.
- Capability inventory: The skill has the ability to spawn new agent instances via
eve job createand define their instructions, providing an execution path for poisoned context. - Sanitization: No sanitization or validation of the fetched context is performed before it is used to generate child descriptions.
Audit Metadata