evaluator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill maintains a local log of events and metrics which can be displayed back to the agent, creating a surface for indirect prompt injection from untrusted inputs derived from other skill outputs.
- Ingestion points: Untrusted data enters the context via command-line arguments in scripts/track_event.py, specifically through the --skill and --error-type flags which may capture data from external processes.
- Boundary markers: The skill does not use delimiters or boundary markers when storing data in .evaluator/events.jsonl or when outputting summaries to the console via the show-events or summary commands.
- Capability inventory: The skill utilizes Bash, Read, Write, and Glob capabilities to manage its telemetry files and interact with the filesystem.
- Sanitization: Input strings provided to the tracking script are stored as JSON and subsequently displayed without validation or escaping, allowing stored content to potentially influence the agent's next instructions when read.
Audit Metadata