recoup-internal-eval-skill-benchmark

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes a bundled Python script (scripts/measure.py) to perform deterministic measurements on a user-specified target directory. The script is restricted to the Python standard library and does not perform network operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it requires the agent to read and analyze untrusted content from SKILL.md files and scripts in external directories.
  • Ingestion points: The agent is explicitly directed to read and interpret file bodies, descriptions, and procedures from a target path in Phase 3 and Phase 4.
  • Boundary markers: The instructions lack specific delimiters or ignore-instructions warnings to distinguish between tool data and instructions when reading the target files.
  • Capability inventory: The skill possesses file-reading capabilities and command execution for its internal script, providing a path for injected instructions to influence the auditing report.
  • Sanitization: Although the measurement script uses regex-based parsing to avoid unsafe YAML loading, the agent's direct analysis of the file contents is not sanitized, potentially allowing malicious content to affect the agent's reasoning process.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 11:35 PM