shinka-setup
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to install the
shinka-evolvelibrary from the Python Package Index (PyPI). - [COMMAND_EXECUTION]: The workflow involves generating code and executing a local smoke test via
python evaluate.py. Evaluator templates also describe the use ofsubprocessto run candidate programs. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted user task descriptions to generate code. It uses
EVOLVE-BLOCKdelimiters to separate code regions. Capabilities include file writing and local execution of the generated scaffolds.
Audit Metadata