Skills
skills/oakencore/skillvet/trigger-string-evasion/Gen Agent Trust Hub

trigger-string-evasion

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • Obfuscation (HIGH): In index.js, the code uses string concatenation ('ev' + 'al') to resolve the global eval function. This is a classic evasion technique designed to bypass static analysis tools and security scanners that flag the literal use of eval.
  • Dynamic Execution (MEDIUM): The skill invokes the reconstructed eval function to execute a string (alert(1)) as code. This establishes a dangerous execution sink that can be used to run arbitrary logic at runtime, bypassing the usual compile-time or static-analysis safety checks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:46 AM
Security Audit — agent-trust-hub — trigger-string-evasion