skills/lulu-eva/eva-skill/eva-brief/Gen Agent Trust Hub

eva-brief

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses files in a sibling directory using relative paths (e.g., '../eva/'). While these appear to be vendor-owned resources, the behavior allows access to data outside the immediate skill package.
  • [PROMPT_INJECTION]: The skill processes untrusted user-supplied documents (marketing briefs) to generate structured instructions for other agent components. • Ingestion points: User input containing business briefs and requirements. • Boundary markers: None; the skill does not use delimiters to isolate untrusted data. • Capability inventory: Reading local file system and generating data for downstream tasks. • Sanitization: None; input is processed without validation for embedded instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 06:25 AM
Security Audit — agent-trust-hub — eva-brief