skill-supervisor

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to execute local Python scripts (e.g., python3 evals/pm/evaluate.py) that score the performance of modified skills and enforce invariant constraints.
  • [PROMPT_INJECTION]: There is a potential for Indirect Prompt Injection because the skill ingests and processes untrusted data (target skill instructions and evaluation scenarios) which is then used to direct subagent behavior.
  • Ingestion points: The skill reads the target SKILL.md for modification, evaluation inputs from evals/pm/scenarios/inputs.jsonl, and execution results from JSONL files in the results/ directory.
  • Boundary markers: No specific delimiters or safety instructions are defined to separate untrusted data from the supervisor's or subagents' primary instructions.
  • Capability inventory: The skill can spawn subagents via the Agent tool, execute Python scripts in the shell, and modify files within the repository.
  • Sanitization: The skill lacks mechanisms to sanitize or validate the content of the skills it generates or the evaluation data it processes.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 08:03 AM
Security Audit — agent-trust-hub — skill-supervisor