epitech-pre-eval
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs downloads from user-provided URLs using `git clone` and extracts archive files via `unzip` to a temporary directory. These operations are part of the core functionality to ingest student work for evaluation.
- [COMMAND_EXECUTION]: The agent utilizes the `bash` tool to execute system commands such as `grep`, `find`, and `sort`. These commands are used to identify code patterns, detect project structures, and count file types for reporting.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests and analyzes untrusted code from external sources. Malicious instructions embedded in student code could potentially influence the agent's behavior during the reporting phase.
  - Ingestion points: External code enters the environment via `git clone` or `unzip` operations (SKILL.md, Step 2).
  - Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to disregard natural language commands found within the source files being analyzed.
  - Capability inventory: The skill has access to the `bash` and `view` tools, and it executes a local Python script (`generate_report.py`) to finalize reports.
  - Sanitization: There is no evidence of sanitization or filtering of content retrieved from the analyzed projects before it is processed by the agent.
- [DATA_EXFILTRATION]: Although the skill searches for sensitive data such as API keys and passwords, this is an intended security auditing feature. The detected secrets are reported back to the user as 'bad practices' and there are no indicators of unauthorized data exfiltration to external servers.