skill-improvement-eval
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill acts as a validator for other agent skills, checking for structural integrity and trigger accuracy. Its operations are consistent with development-time QA tasks.
- [COMMAND_EXECUTION]: The skill invokes a provided Python script (eval_runner.py) using the Bash tool. The script uses standard libraries to perform string analysis and does not execute untrusted code.
- [DATA_EXFILTRATION]: The evaluator reads local skill files and writes results to a TSV file in the skill's subdirectory. No network connections or access to sensitive credentials were observed.
- [PROMPT_INJECTION]: The skill evaluates untrusted skill descriptions; however, this is conducted through heuristic patterns and keyword matching rather than dynamic execution, neutralizing the risk of indirect injection.
Audit Metadata