recoup-internal-eval-skill-benchmark
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a bundled Python script (
scripts/measure.py) to perform deterministic measurements on a user-specified target directory. The script is restricted to the Python standard library and does not perform network operations. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it requires the agent to read and analyze untrusted content from SKILL.md files and scripts in external directories.
- Ingestion points: The agent is explicitly directed to read and interpret file bodies, descriptions, and procedures from a target path in Phase 3 and Phase 4.
- Boundary markers: The instructions lack specific delimiters or ignore-instructions warnings to distinguish between tool data and instructions when reading the target files.
- Capability inventory: The skill possesses file-reading capabilities and command execution for its internal script, providing a path for injected instructions to influence the auditing report.
- Sanitization: Although the measurement script uses regex-based parsing to avoid unsafe YAML loading, the agent's direct analysis of the file contents is not sanitized, potentially allowing malicious content to affect the agent's reasoning process.
Audit Metadata