skills/danielmiessler/lifeos/Evals/Gen Agent Trust Hub

Evals

Warn

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Graders/CodeBased/StaticAnalysis.ts and Graders/CodeBased/BinaryTests.ts execute arbitrary shell commands defined in Task configuration YAML files (e.g., using Bun's shell). While appropriate for a testing framework, this represents a potential risk if configuration files are tampered with.
  • [REMOTE_CODE_EXECUTION]: Tools/ScenarioRunner.ts uses dynamic import() to load and execute TypeScript scenario modules based on user-supplied file paths from the command line. This allows for arbitrary code execution within the framework context.
  • [PROMPT_INJECTION]: The skill ingests untrusted agent outputs and conversation transcripts in Graders/ModelBased/LLMRubric.ts and Graders/ModelBased/NaturalLanguageAssert.ts, creating a surface for indirect prompt injection.
  • Ingestion points: Agent outputs are ingested via GraderContext.output and full transcripts are captured in Tools/TranscriptCapture.ts.
  • Boundary markers: Evaluation prompts use Markdown headers (e.g., '## Output to Evaluate') as delimiters for untrusted content.
  • Capability inventory: The skill has high-privilege capabilities including shell command execution and dynamic module loading.
  • Sanitization: There is no evidence of sanitization or escaping of ingested transcripts before they are interpolated into LLM judge prompts.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes several well-known and standard dependencies in its package.json, such as @ai-sdk/anthropic, ai, and @langwatch/scenario, which are considered safe sources.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 30, 2026, 03:34 PM
Security Audit — agent-trust-hub — Evals