hedge-fund-committee-eval
Fail
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands to apply score caps and run regression tests using local Node.js scripts (
apply_score_caps.mjsandtest_gate_contract.mjs). - [PERSISTENCE_MECHANISMS]: The
SKILL.mdcontains an instruction to modify the Git configuration:git config core.hooksPath hooks. This redirects Git hooks (likepre-push) to a directory provided by the skill. This allows the skill's code to be executed automatically whenever the user performs Git operations, creating a persistent execution vector outside the AI agent's session. - [DATA_EXPOSURE]: The
test_gate_contract.mjsscript performs a path traversal operation (../../workflows/hedge-fund-committee.workflow.js) to read and analyze source code located outside the immediate skill directory. While intended for validation, this demonstrates the ability to access and inspect files elsewhere in the repository. - [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to evaluate 'workflow runs'. These runs are external data ingested into the prompt. If the data being graded contains malicious instructions designed to influence the 'blind judge' (LLM), it could bias the evaluation or extract instructions, though the risk is mitigated by the deterministic scoring script.
Recommendations
- AI detected serious security threats
Audit Metadata