evaluate-skill

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes external data (SKILL.md and evals.json files) and interpolates them into the context of 'general-purpose' and 'eval-grader' subagents. If a skill being evaluated contains malicious instructions, it could attempt to influence the grader or the evaluation environment.
  • Ingestion points: The skill reads SKILL.md (Step 1, Step 3) and evals.json (Step 3) from arbitrary plugin paths provided in arguments.
  • Boundary markers: The execution logic does not specify the use of clear delimiters or 'ignore embedded instructions' blocks when passing the content of the tested skill to subagents.
  • Capability inventory: The skill uses Bash (ls, cat, jq, mkdir, find), Read, Write, and Task (subagent spawning) across its execution steps.
  • Sanitization: No explicit sanitization or validation of the content of the skill files is mentioned before they are processed by the LLM or used in the evaluation pipeline.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 08:11 PM