lp-eval
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute local utility scripts, specificallyappend-loop-result.tsandmanifest-sync.ts, using thebunruntime. These scripts are located in a variable-defined directory (${SKILLS_ROOT}) and are used for workspace synchronization and results ledger maintenance. This is standard functionality for the author's workflow. - [PROMPT_INJECTION]: The skill processes untrusted external data, creating an indirect prompt injection surface.
- Ingestion points: External evidence including analytics exports, experiment reports, and qualitative notes are ingested and processed by the
Metric Ingest AgentandDiagnosis Agentinagents/metric-ingest-agent.mdandagents/diagnosis-agent.mdrespectively. - Boundary markers: There are no explicit delimiters or instructions provided to the agents to ignore or escape instructions that might be embedded within the external data sources.
- Capability inventory: The skill has significant permissions including
Read,Write,Edit, andBash. These capabilities are used to generate evaluation reports and update the loop ledger via shell commands. - Sanitization: The skill lacks explicit validation or sanitization mechanisms for the data retrieved from external sources before it is used to generate filenames or shell command arguments in the orchestrator.
Audit Metadata