lp-eval

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute local utility scripts, specifically append-loop-result.ts and manifest-sync.ts, using the bun runtime. These scripts are located in a variable-defined directory (${SKILLS_ROOT}) and are used for workspace synchronization and results ledger maintenance. This is standard functionality for the author's workflow.
  • [PROMPT_INJECTION]: The skill processes untrusted external data, creating an indirect prompt injection surface.
  • Ingestion points: External evidence including analytics exports, experiment reports, and qualitative notes are ingested and processed by the Metric Ingest Agent and Diagnosis Agent in agents/metric-ingest-agent.md and agents/diagnosis-agent.md respectively.
  • Boundary markers: There are no explicit delimiters or instructions provided to the agents to ignore or escape instructions that might be embedded within the external data sources.
  • Capability inventory: The skill has significant permissions including Read, Write, Edit, and Bash. These capabilities are used to generate evaluation reports and update the loop ledger via shell commands.
  • Sanitization: The skill lacks explicit validation or sanitization mechanisms for the data retrieved from external sources before it is used to generate filenames or shell command arguments in the orchestrator.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:04 PM
Security Audit — agent-trust-hub — lp-eval