rag-eval
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of evaluation logic through local Python scripts.
- Evidence: Use of
uv run --project scripts/eval python scripts/eval/evaluate_rag.pyto trigger benchmarks. - Context: These commands are used to interact with the project's internal evaluation suite as intended by the skill's primary purpose.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its core function of processing external datasets.
- Ingestion points: Reads data from the
corpus/directory and thetrain.jsonfile for RAG indexing and testing. - Boundary markers: None identified; the skill relies on standard data processing workflows without explicit delimiter-based isolation.
- Capability inventory: File system access tools (
Read,Write,Edit) and shell execution (uv,python3) are available to the agent to perform the evaluation. It also performs network requests to RAG and ingestor endpoints. - Sanitization: No specific content sanitization or validation of the input datasets is documented before processing.
Audit Metadata