Skills
skills/peterbamuhigire/skills-web-dev/ai-evaluation/Gen Agent Trust Hub

ai-evaluation

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The 'judgeAiOutput' function implementation in SKILL.md is vulnerable to indirect prompt injection. The function constructs a judge prompt by directly embedding the '$input' and '$output' variables. An attacker could provide input that breaks out of the triple-dash delimiters to hijack the judge's evaluation logic, potentially forcing favorable scores or exfiltrating data via the reasoning field.
  • Ingestion points: Untrusted data enters via the '$input' and '$output' parameters in the 'judgeAiOutput' function (SKILL.md).
  • Boundary markers: Simple triple-dash ('---') delimiters are present but insufficient to prevent injection attacks that include the same delimiter.
  • Capability inventory: The skill relies on 'callLLM' to execute the combined judge prompt, which has the capability to process instructions and output structured JSON.
  • Sanitization: There is no evidence of sanitization, character escaping, or validation of the input strings before they are interpolated into the prompt.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 07:34 AM