short-form-eval

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill employs the WebFetch tool to retrieve content from external URLs for evaluation. This is standard behavior for its intended use case.
  • [COMMAND_EXECUTION]: It executes the local script bun meta-skills/scripts/manifest-sync.ts to maintain the agent's internal state, which is a safe project-level operation.
  • [SAFE]: Evaluation of indirect prompt injection surfaces: (1) Ingestion points: Data is fetched from user-provided post URLs. (2) Boundary markers: Content is passed as context to sub-agents without explicit sanitization headers. (3) Capability inventory: The agent has access to file writing and local command execution. (4) Sanitization: While explicit sanitization is absent, the rigid output schemas and the multi-agent validation process (Critic agent) provide inherent mitigation against adversarial content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 04:04 PM
Security Audit — agent-trust-hub — short-form-eval