script-evaluator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it is designed to ingest and analyze external, untrusted content (film scripts).
- Ingestion points: Processes external script files or text provided as input for evaluation.
- Boundary markers: Absent. There are no instructions to the agent to treat script content as data only or to ignore instructions that might be embedded within the script text.
- Capability inventory: The skill is authorized to use
ReadandWritetools, which could be misused if a malicious script successfully injects instructions to modify or leak other files. - Sanitization: None detected. The instructions do not include steps to sanitize or escape the input text.
- [NO_CODE] (SAFE): This is a documentation-only skill. No executable scripts (.py, .js, .sh), binary files, or configuration files that trigger code execution were found. All logic is contained within natural language prompts.
Audit Metadata