discover
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands including
git(diff, status, ls-files) and theevoCLI to manage repository state and execute benchmarks. These operations are performed locally and are essential to the skill's primary function of code optimization. - [EXTERNAL_DOWNLOADS]: The skill references the installation of
evo-hq-cliandevo-hq-agent(viauv,pip, ornpm). These are official resources belonging to the vendor 'evo-hq'. The skill explicitly instructs the agent to ask for user confirmation before performing any installation and provides manual installation steps for the user. - [DATA_EXPOSURE]: The skill provides instructions for loading local
.envfiles usingevo env load. This is a standard administrative feature for providing benchmarks with necessary runtime credentials and is managed locally by the vendor's CLI. - [DYNAMIC_EXECUTION]: The skill involves the creation and execution of benchmark harness scripts within isolated experiment worktrees. This runtime code generation and execution is the core purpose of the optimization tool.
- [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: The skill reads local repository files such as READMEs, entry points, and configuration files to understand the codebase (SKILL.md Section 1).
- Boundary markers: Not explicitly specified during the repository exploration phase.
- Capability inventory: The skill can execute shell commands and modify the filesystem within dedicated experiment worktrees.
- Sanitization: No explicit sanitization of repository content is mentioned, but the data is used to inform the agent's choreography rather than as direct command input.
Audit Metadata