evaluate-plugin-batch
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script 'evaluate-plugin/scripts/aggregate_benchmark.sh' using the user-provided '' as an argument. If the plugin name contains shell metacharacters, it could potentially lead to command injection depending on how the execution tool handles arguments.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it discovers and processes contents from files ('SKILL.md', 'evals.json', 'benchmark.json') within a target plugin directory that could be attacker-controlled.
  - Ingestion points: Uses 'find' and 'ls' to locate and potentially read files in the target plugin directory.
  - Boundary markers: None. The skill does not use delimiters or instructions to ignore embedded commands when processing content from discovered skills.
  - Capability inventory: Includes 'Bash', 'Write', and 'SlashCommand' tools, which could be exploited if malicious instructions are successfully injected via the processed files.
  - Sanitization: No explicit sanitization or validation of file paths or contents is performed before they are used in subsequent commands or reporting steps.
Audit Metadata