eval-agent-md
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Findings flagged: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill's scripts (_common.py, generate-scenarios.py, eval-behavioral.py, mutate-loop.py) use subprocess.run to execute external commands, including the claude CLI and git. This behavior is necessary for its function as an evaluation harness but enables arbitrary command execution.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface. (1) Ingestion points: generate-scenarios.py and eval-behavioral.py read content from user-provided target files. (2) Boundary markers: untrusted content is interpolated into prompts using markdown fences without explicit instructions to the model to ignore embedded commands. (3) Capability inventory: the skill has access to shell execution, file system operations, and agent delegation. (4) Sanitization: no content filtering is applied to the target files before processing.
- [EXTERNAL_DOWNLOADS]: The Python scripts use uv to resolve dependencies, which triggers downloads of the pyyaml package from standard registries at runtime.
- [COMMAND_EXECUTION]: The test suite (scripts/test_eval_agent_md.py) uses importlib.util to dynamically load Python modules from the local scripts directory.
- [COMMAND_EXECUTION]: The skill documentation in SKILL.md suggests modifying file permissions with chmod +x on its bundled scripts to enable execution.
Audit Metadata