Skills
skills/raddue/crucible/skill-selection-evals/Gen Agent Trust Hub

skill-selection-evals

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/run_selection_eval.py invokes the claude CLI tool using subprocess.run with the --permission-mode bypassPermissions flag. This flag suppresses standard security confirmations that usually require a human to approve tool execution (e.g., file writes, command runs). This automation bypasses a critical security control and could lead to unauthorized actions if the script is run with malicious inputs.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing prompts from evals/evals.json and feeding them directly into an elevated execution environment.
  • Ingestion points: The prompt and context fields in evals/evals.json.
  • Boundary markers: None. The prompts are interpolated directly into the CLI command without delimiters or instructions to ignore embedded commands.
  • Capability inventory: The target environment (claude with bypassed permissions) has full access to available agent tools, including file system and shell access.
  • Sanitization: No validation, escaping, or sanitization of the evaluation prompts is performed before they are passed to the CLI.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 20, 2026, 09:50 PM