evaluate-skill
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to the way it handles external data.
- Ingestion points: The skill reads `criteria.md` and 'execution results' which are untrusted external inputs.
- Boundary markers: No delimiters or explicit instructions are provided to the agent to treat the input data as non-executable text, allowing potential instructions within the 'execution results' to override the evaluation logic.
- Capability inventory: The skill possesses the capability to read from the local file system and write to specific metadata paths (`.sop-engine/skills/...`).
- Sanitization: No sanitization or validation steps are defined to filter out malicious content from the processed data.
- Data Exposure (SAFE): While the skill writes to hidden directories (`.sop-engine`), these actions are local and part of the intended workflow. No network exfiltration or access to sensitive system credentials was detected.