eval
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and analyzes files from the current project directory to perform code evaluation. An attacker could embed malicious instructions within these files (e.g., in code comments) to hijack the evaluator agent's logic. Analysis of the attack surface reveals:
  - Ingestion points: The skill reads code outputs and project files as input for the evaluation process as described in SKILL.md.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between the code being analyzed and instructions for the agent itself.
  - Capability inventory: The skill utilizes the 'Bash' tool as indicated in its configuration, which provides a powerful interface for command execution that could be abused if the agent is influenced by malicious data.
  - Sanitization: The skill does not perform any validation or sanitization of the project files before they are processed by the evaluator agent.
Audit Metadata