skill-grader
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it processes untrusted data from execution transcripts and output files.
  - Ingestion points: Data is ingested from `transcript_path` and all files within `outputs_dir` using the `Read` and `Glob` tools.
  - Boundary markers: No delimiters or specific instructions are provided to distinguish between the agent's instructions and the untrusted content being evaluated.
  - Capability inventory: The agent uses `Read`, `Grep`, `Glob`, and `Write`. Malicious instructions inside the evaluated files could potentially influence the agent's file writing or grading decisions.
  - Sanitization: Content from external files is processed and searched without sanitization or validation.
- [DATA_EXFILTRATION]: The skill presents risks related to sensitive file exposure and unsafe file operations.
  - The use of user-defined paths for `transcript_path` and `outputs_dir` allows the agent to read arbitrary files, which could lead to the exposure of sensitive configuration or credential files if those paths are provided as input.
  - Step 5 performing a write to `outputs_dir + "/../grading.json"` constitutes a directory traversal vulnerability, as an attacker could manipulate the directory path to write the output file to unintended locations on the filesystem.