backtest-evaluator
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes data from external files and incorporates it into agent-generated reports.\n
- Ingestion points: Data is loaded from files specified by the --state and --csv arguments (e.g., state.json, data.csv).\n
- Boundary markers: The instructions do not define delimiters or ignore-previous-instruction markers for the content of processed files.\n
- Capability inventory: The skill uses the Bash tool (run.py) for execution and the Read and Glob tools (SKILL.md) for file access.\n
- Sanitization: No validation or sanitization of the input data files is performed before processing.\n- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a local Python script (run.py) to perform analysis and generate backtest artifacts.
Audit Metadata