eval-tracking

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: LOW
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The script scripts/setup-tracking.sh executes the supabase command-line tool. This is a standard operation for database migrations but requires the tool to be pre-installed and authenticated in the environment.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill manages the storage of evaluation data, which naturally includes untrusted model inputs and outputs.
      • Ingestion points: Untrusted data enters the system through the eval_cases table in the input and actual_output fields.
      • Boundary markers: No delimiters or instructions are used to separate untrusted content from the schema logic.
      • Capability inventory: The skill provides persistence (database write) but does not include any tools that read the data back for execution or decision-making.
      • Sanitization: There is no evidence of sanitization or escaping of the stored content.
Audit Metadata
  • Risk Level: LOW
  • Analyzed: Feb 17, 2026, 12:15 AM