skillgrade-setup

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the skillgrade package globally via npm to provide the evaluation CLI tool.
  • [COMMAND_EXECUTION]: The procedures involve running the skillgrade CLI for initializing, running, and previewing evaluation results.
  • [COMMAND_EXECUTION]: The eval.yaml configuration specification allows users to define shell commands for Docker environment setup and for running deterministic grading scripts.
  • [PROMPT_INJECTION]: The skill documentation describes an attack surface for indirect prompt injection as it processes untrusted instructions and rubrics from configuration files (Ingestion points: eval.yaml fields instruction and rubric). No boundary markers are explicitly defined in the documentation. The tool possesses command execution capabilities (Capability inventory: run and setup commands in eval.yaml). No sanitization or filtering logic is specified.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 03:21 AM