hackathon-judging
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill requests access to sensitive user credentials, specifically the `KAGGLE_API_TOKEN` environment variable and the `~/.kaggle/access_token` file, to authenticate interactions with the Kaggle MCP server. This is consistent with the vendor's own authentication requirements.
- [COMMAND_EXECUTION]: Instructions suggest using CLI tools such as `Playwright` and `yt-dlp` to process external URLs and media provided in submissions. Executing these tools on data from untrusted sources creates an attack surface for potential environment exploitation.
- [PROMPT_INJECTION]: The skill processes untrusted user-generated content (writeups and artifacts), representing an Indirect Prompt Injection risk.
  - Ingestion points: Submissions retrieved via `list_hackathon_write_ups` and external links processed by Playwright/yt-dlp.
  - Boundary markers: The instructions do not specify explicit delimiters or "ignore previous instructions" guards for the ingested content.
  - Capability inventory: The skill uses subprocess calls to external CLI tools and performs logic-based ranking and grading.
  - Sanitization: No specific sanitization or filtering logic is provided within the skill instructions.
- [EXTERNAL_DOWNLOADS]: The skill references an external GitHub repository (`hamelsmu/evals-skills`) as an auditing toolkit and points to a web dashboard hosted on an external Google Cloud Run URL.
Audit Metadata