eval-and-improve

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple local shell commands and scripts to manage the development environment and run tests. This includes environment setup via './scripts/venv_setup.sh', database management with 'docker compose', and running the evaluation suite using 'python -m evals'.
  • [CREDENTIALS_UNSAFE]: The agent interacts with sensitive environment configuration files. It is directed to verify and potentially copy '.env' files containing credentials such as 'OPENAI_API_KEY' and 'PARALLEL_API_KEY' to ensure they are available to the test runner.
  • [PROMPT_INJECTION]: The skill establishes a surface for indirect prompt injection where evaluation outputs could influence the agent to inject malicious code during the 'fix' phase.
  • Ingestion points: The agent reads data from test run outputs ('python -m evals') and local source files ('agents/.py', 'evals/cases.py').
  • Boundary markers: The instructions do not define delimiters or specific warnings to ignore instructions that might be embedded in the evaluation data being processed.
  • Capability inventory: The agent possesses the capability to write to local source code files and execute arbitrary shell commands within the project environment.
  • Sanitization: There is no process described for sanitizing or validating test outputs before the agent uses them to diagnose and implement code modifications.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 01:03 PM
Security Audit — agent-trust-hub — eval-and-improve