run-evals

Pass

Audited by Gen Agent Trust Hub on May 21, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches source code and configuration from the vendor's official GitHub repository (different-ai/openwork).\n- [COMMAND_EXECUTION]: Utilizes the daytona CLI to create sandboxes and execute setup commands, such as pnpm install, git clone, and service initialization scripts inside the ephemeral environment.\n- [PROMPT_INJECTION]: The skill processes instruction-like steps from files within the repository (e.g., evals/daytona-flows.md). This constitutes an indirect prompt injection surface as the agent interprets and executes steps defined in external data.\n
  • Ingestion points: Markdown files in the evals/ directory within the cloned repository.\n
  • Boundary markers: Absent; there are no delimiters or instructions to prevent the agent from following malicious commands if they were to be present in the evaluation files.\n
  • Capability inventory: The agent has access to daytona exec for shell commands and browser_evaluate for executing JavaScript within the sandbox's browser.\n
  • Sanitization: The skill does not perform validation or sanitization of the steps read from the evaluation files before the agent processes them.
Audit Metadata
Risk Level
SAFE
Analyzed
May 21, 2026, 02:35 PM
Security Audit — agent-trust-hub — run-evals