short-form-eval

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches external content from user-provided <post-url> and processes it through multiple agents without explicit security boundaries.
      • Ingestion points: Data retrieved from the <post-url> in SKILL.md using the WebFetch tool.
      • Boundary markers: Absent. The fetched content is concatenated into prompts for the Hook Strength and Eval Runner agents without delimiters or instructions to ignore embedded commands.
      • Capability inventory: Access to the Bash tool for local script execution, Write access to the .agents/ directory, and the ability to spawn sub-agents using the Agent tool.
      • Sanitization: Absent. There is no mention of sanitizing or escaping the content fetched from the remote URL before it is processed by the AI.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute a local maintenance script.
      • Evidence: SKILL.md contains a side-effect instruction to call bun meta-skills/scripts/manifest-sync.ts after writing output artifacts.
      • Context: This appears to be a legitimate operational task for indexing artifacts within the agent's workspace, but involves shell execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 06:09 PM