hedge-fund-committee-eval

Fail

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to apply score caps and run regression tests using local Node.js scripts (apply_score_caps.mjs and test_gate_contract.mjs).
  • [PERSISTENCE_MECHANISMS]: The SKILL.md contains an instruction to modify the Git configuration: git config core.hooksPath hooks. This redirects Git hooks (like pre-push) to a directory provided by the skill. This allows the skill's code to be executed automatically whenever the user performs Git operations, creating a persistent execution vector outside the AI agent's session.
  • [DATA_EXPOSURE]: The test_gate_contract.mjs script performs a path traversal operation (../../workflows/hedge-fund-committee.workflow.js) to read and analyze source code located outside the immediate skill directory. While intended for validation, this demonstrates the ability to access and inspect files elsewhere in the repository.
  • [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to evaluate 'workflow runs'. These runs are external data ingested into the prompt. If the data being graded contains malicious instructions designed to influence the 'blind judge' (LLM), it could bias the evaluation or extract instructions, though the risk is mitigated by the deterministic scoring script.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 16, 2026, 08:03 AM
Security Audit — agent-trust-hub — hedge-fund-committee-eval