skill-supervisor
Warn
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts (e.g., 'python3 evals/pm/evaluate.py') to drive the evaluation and scoring process. It also facilitates a dynamic execution loop where an agent ('Modifier') generates a new 'SKILL.md' file that is subsequently executed by a 'Runner' sub-agent to test performance improvements.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as the 'Supervisor' and 'Judge' roles ingest and process artifacts produced by the 'Runner' sub-agent, such as the 'weekly note text' and 'raw decisions'.
- Ingestion points: Artifacts generated by the Runner sub-agent (decisions_vN.jsonl, weekly note text).
- Boundary markers: The skill employs logical role separation ('hard-separated' roles) and 'blind' sub-agents to limit cross-contamination of instructions and scoring logic.
- Capability inventory: Spawns autonomous sub-agents using the 'Agent tool' and executes local shell commands via 'python3'.
- Sanitization: No specific sanitization or filtering of the content produced by sub-agents is mentioned before it is processed by the Judge or Supervisor.
Audit Metadata