eval-agents
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests untrusted data from project files and interpolates it into subagent prompts.
  - Ingestion points: Reads files like AGENTS.md, docs/agents-eval-scenarios.md, and source code files (e.g., src/cli/commands/task.ts, .github/workflows/).
  - Boundary markers: Uses simple triple-dash delimiters (---) which provide weak isolation between the system instructions and the untrusted documentation content.
  - Capability inventory: Spawns sub-agents to perform evaluations; these sub-agents may have access to tools or command execution within the agent's environment.
  - Sanitization: There is no evidence of sanitization, input validation, or instructions to the sub-agents to ignore embedded commands within the ingested text.
Audit Metadata