skill-evaluator

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill contains references to installation scripts for required coding-agent CLIs, such as the command curl -fsSL https://claude.ai/install.sh | bash. These scripts originate from the official domains of well-known and trusted technology providers like Anthropic and Google. These references are provided solely as informational setup instructions for the user and are not automatically executed by the skill's runtime scripts.
  • [COMMAND_EXECUTION]: The harness invokes external binaries, including claude, codex, and agy, using subprocess.run across its main logic scripts (run_quality_eval.py, run_script_checks.py, run_trigger_eval.py). It employs documented bypass flags like --dangerously-skip-permissions to allow for non-interactive headless operation, which is a core requirement for automated benchmarking.
  • [EXTERNAL_DOWNLOADS]: The skill references several external resources from official domains of well-known technology providers, such as Anthropic (claude.ai), Google (antigravity.google), and Cursor (cursor.com). These references are used for informational purposes and guiding the user through the setup process for the agents being evaluated.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 12:02 AM
Security Audit — agent-trust-hub — skill-evaluator