ai-eval-ci

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the Promptfoo evaluation framework using npx promptfoo@latest and utilizes official GitHub Actions from the verified actions organization.
  • [PROMPT_INJECTION]: The custom evaluation logic in the TypeScript example (Strategy 2) presents a surface for indirect prompt injection by interpolating AI agent outputs into a judge prompt.
      • Ingestion points: output (AI Output) and rubric variables in the judge function within SKILL.md.
      • Boundary markers: Absent; untrusted AI output is concatenated directly into the prompt string.
      • Capability inventory: The script executes LLM API calls via the openai library to generate qualitative scores.
      • Sanitization: No sanitization or delimiter-based isolation is applied to the AI output before processing. This is documented as the intended functional pattern for LLM-as-judge evaluations.
  • [SAFE]: Sensitive API keys for OpenAI and Anthropic are accessed via GitHub Action secrets (${{ secrets.OPENAI_API_KEY }}) rather than being hardcoded in scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 09:15 PM