skill-evaluation
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as its primary function is to ingest and evaluate untrusted external skills.
- Ingestion points: SKILL.md (Step 0) specifies that the agent takes a target skill path or name as input.
- Boundary markers: Absent. The instructions do not define delimiters or specific safety instructions to prevent the agent from potentially obeying commands embedded within the untrusted skill being evaluated.
- Capability inventory: The evaluation process involves reading file contents and analyzing metadata, which could be exploited if the agent executes instructions found in the target content.
- Sanitization: Absent. No sanitization or validation of the input skill's content is described.
- [EXTERNAL_DOWNLOADS]: The skill documentation and reference files mention external resources from trusted organizations and well-known services.
- Evidence: References the
anthropics/skillsrepository on GitHub andraw.githubusercontent.comfor calibration and baseline benchmarking. - Evidence: References
skills.shand thevercel-labsorganization for ecosystem analysis and baseline reporting.
Audit Metadata