eval-suite
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands with interpolated user-provided strings. Specifically, parameters like {content_or_path} and {type} are passed directly to python scripts/eval-runner.py. This presents a risk of command injection if the input strings contain shell metacharacters and are not properly escaped by the underlying execution environment.
- [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection as it processes untrusted external data (campaign assets, content libraries) and passes it to an AI-driven evaluation pipeline.
  - Ingestion points: User-provided file paths, directory contents, and inline content blocks ingested during Step 2.
  - Boundary markers: There are no explicit delimiters or system instructions defined to prevent the AI from obeying commands hidden within the content being evaluated.
  - Capability inventory: The skill has the ability to execute subprocesses via scripts/eval-runner.py and scripts/quality-tracker.py and can read sensitive brand profiles from the local file system (~/.claude-marketing/).
  - Sanitization: The instructions do not specify any validation, escaping, or sanitization of the content before it is processed by the evaluation scripts.
Audit Metadata