skill-supervisor
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to execute local Python scripts (e.g.,
python3 evals/pm/evaluate.py) that score the performance of modified skills and enforce invariant constraints. - [PROMPT_INJECTION]: There is a potential for Indirect Prompt Injection because the skill ingests and processes untrusted data (target skill instructions and evaluation scenarios) which is then used to direct subagent behavior.
- Ingestion points: The skill reads the target
SKILL.mdfor modification, evaluation inputs fromevals/pm/scenarios/inputs.jsonl, and execution results from JSONL files in theresults/directory. - Boundary markers: No specific delimiters or safety instructions are defined to separate untrusted data from the supervisor's or subagents' primary instructions.
- Capability inventory: The skill can spawn subagents via the
Agenttool, execute Python scripts in the shell, and modify files within the repository. - Sanitization: The skill lacks mechanisms to sanitize or validate the content of the skills it generates or the evaluation data it processes.
Audit Metadata