eval-and-improve
Pass
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple local shell commands and scripts to manage the development environment and run tests. This includes environment setup via './scripts/venv_setup.sh', database management with 'docker compose', and running the evaluation suite using 'python -m evals'.
- [CREDENTIALS_UNSAFE]: The agent interacts with sensitive environment configuration files. It is directed to verify and potentially copy '.env' files containing credentials such as 'OPENAI_API_KEY' and 'PARALLEL_API_KEY' to ensure they are available to the test runner.
- [PROMPT_INJECTION]: The skill establishes a surface for indirect prompt injection where evaluation outputs could influence the agent to inject malicious code during the 'fix' phase.
- Ingestion points: The agent reads data from test run outputs ('python -m evals') and local source files ('agents/.py', 'evals/cases.py').
- Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions that might be embedded in the evaluation data being processed.
- Capability inventory: The agent possesses the capability to write to local source code files and execute arbitrary shell commands within the project environment.
- Sanitization: There is no process described for sanitizing or validating test outputs before the agent uses them to diagnose and implement code modifications.
Audit Metadata