ai-agent-observability-evaluation
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a collection of high-quality architectural references and technical specifications. It does not contain any executable malicious code, obfuscation, or data exfiltration attempts.
- [DATA_EXPOSURE]: The skill explicitly defines security patterns for preventing data exposure. In
references/ai-agent-observability-and-replay/entrypoint.md, it provides detailed redaction rules for PII, emails, and financial data within agent traces and tool I/O logs. - [COMMAND_EXECUTION]: The Python code snippets provided are pedagogical and use standard libraries (e.g.,
hashlib,json,pathlib). They describe logic for scoring agent trajectories and verifying evidence packs but do not execute arbitrary or unsafe commands. - [REMOTE_CODE_EXECUTION]: No remote code execution patterns were detected. References to GitHub Actions (
actions/checkout@v4) and local script runners are standard for CI/CD documentation. - [PROMPT_INJECTION]: The skill includes guidance for building 'Adversarial' evaluation sets specifically to test agents for prompt injection and jailbreak attempts (
references/ai-agent-eval/references/golden-tasks-construction.md), demonstrating a security-focused design.
Audit Metadata