bkit-evals
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Executes a local Node.js script (evals/runner.js) to perform evaluations.
- [SAFE]: Implements rigorous input validation via regex for the skill name argument, preventing shell metacharacters or path traversal attempts.
- [SAFE]: Employs child_process.spawnSync with an argument array rather than a shell string, effectively mitigating shell injection vulnerabilities.
- [SAFE]: Restricts result persistence to a specific runtime directory (.bkit/runtime/) with sanitized filenames.
Audit Metadata