skill-evaluator
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill is a local documentation auditor that evaluates skill quality across several dimensions. It does not perform network requests, execute external scripts, or access sensitive system files.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process the full content of external SKILL.md files for quality auditing. This is a characteristic of its primary function.
- Ingestion points: The skill reads the content of
SKILL.mdand reference files from directories specified in the repository or user input. - Boundary markers: The ingested text is processed without explicit delimiters or instructions to the agent to disregard embedded commands during analysis.
- Capability inventory: The skill's capabilities are limited to local file system enumeration and read operations; no write or network capabilities are present.
- Sanitization: The skill does not implement sanitization or filtering of the Markdown content before evaluation.
Audit Metadata