eva
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or security risks were detected across the skill files. The instructions are well-structured and focus entirely on content creation workflows.
- [INDIRECT_PROMPT_INJECTION]: The 'benchmark-copy' module processes untrusted external content provided by the user (such as other creators' scripts or notes) for structural analysis. While this is an attack surface for indirect prompt injection, it is categorized as safe because the skill lacks the execution capabilities (e.g., file system access, network tools, or code execution) required to weaponize such an injection.
- Ingestion points:
references/04_eva-benchmark-copy_对标文案拆解.mdaccepts external content for analysis. - Boundary markers: Absent. The skill does not explicitly instruct the agent to ignore potentially malicious commands embedded within analyzed external text.
- Capability inventory: The skill is restricted to natural language generation and has no access to high-risk tools or system-level APIs.
- Sanitization: No input sanitization or filtering is implemented for processed content.
- [NO_CODE]: The skill consists exclusively of instructional Markdown files and configuration. It does not contain or require any executable scripts, binaries, or external software dependencies.
Audit Metadata