skill-eval
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The repository contains several examples of unsafe download-and-execute patterns, such as 'curl | bash' in 'tests/fixtures/bad-skill/SKILL.md' and 'examples/f-to-a-improvement/before/SKILL.md'. These are part of a test suite designed to verify that the auditor flags such high-risk activities.
- [REMOTE_CODE_EXECUTION]: Multiple test files and bad-skill examples contain intentional RCE vulnerabilities, including the use of 'eval()', 'exec()', and 'pickle.load()' (e.g., in 'tests/fixtures/bad-skill/scripts/evil.py'). These files serve as ground-truth data for the auditing tool.
- [CREDENTIALS_UNSAFE]: The framework includes mock credentials like API keys and tokens in its 'tests/' and 'examples/' directories to test the secret scanner (e.g., 'examples/lifecycle-demo/v1/SKILL.md'). None of these appear to be real or sensitive credentials.
- [COMMAND_EXECUTION]: The core logic of the tool in 'skill_eval/agent_runner.py' executes shell commands via 'subprocess.run' to interact with the 'claude' CLI. This is a functional requirement for evaluating AI skills.
- [SAFE]: The skill is a security-focused tool where the presence of malicious patterns in the testing and example infrastructure is necessary for its intended purpose. No actual malicious behavior or hidden exfiltration was found in the core logic.
Audit Metadata