waxa-eval
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill mentions and instructs the use of
npx @mizchi/waxa. This involves downloading and executing a package from the npm registry. Since the package is under the namespace of the skill's author, it is considered a legitimate vendor resource. - [COMMAND_EXECUTION]: The documentation includes several shell commands (e.g.,
waxa init,waxa iterate,waxa audit) for the agent or user to run. These are standard CLI interactions for a development and testing tool. - [REMOTE_CODE_EXECUTION]: The skill describes a
codegrader type that evaluates JavaScript expressions to perform structural assertions on output. This involves dynamic execution of code defined in local evaluation configuration files, which is consistent with the tool's stated purpose of skill evaluation.
Audit Metadata