Skills
skills/laurigates/claude-plugins/evaluate-improve/Gen Agent Trust Hub

evaluate-improve

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious logic, obfuscation, or suspicious code patterns were identified.
  • [COMMAND_EXECUTION]: The skill utilizes restricted Bash commands (cat, jq, find, diff) for reading and comparing local skill files. These operations are limited to the workspace and serve the skill's intended analytical purpose.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it processes external evaluation results (benchmark.json). Evidence Chain: 1. Ingestion points: Reads local benchmark.json and SKILL.md files. 2. Boundary markers: None explicitly present in the sub-agent task prompt. 3. Capability inventory: Includes the ability to Edit and Write to skill files. 4. Sanitization: All proposed changes are presented to the user for review and require explicit confirmation via AskUserQuestion before execution, providing a strong human-in-the-loop mitigation.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 08:12 PM