comfyui-prompt-interview

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The evaluation script eval/run-eval.sh is vulnerable to command injection. In the range_check and eval_assertion functions, fields extracted from AI responses are directly interpolated into shell-executed python3 -c and node -e command strings without sanitization. This allows a malicious AI response to escape the intended script logic and execute arbitrary commands on the system running the evaluation suite.
  • [PROMPT_INJECTION]: The evaluation framework demonstrates a vulnerability to indirect prompt injection. It ingests untrusted AI-generated content and processes it without sufficient boundary markers or validation. Combined with the script's code execution capabilities, this allows the processed data to gain control over the testing environment's execution flow.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 21, 2026, 04:14 PM