skill-evaluation
Pass
Audited by VirusTotal on May 14, 2026.
Findings (1)
The skill bundle provides a framework for evaluating AI agent skills, including a safety scanner and a trigger evaluator. The script `scripts/run_trigger_eval.py` performs high-risk operations by writing temporary files into sensitive agent configuration directories (e.g., `.claude/commands/`, `.cursor/rules/`, and `.claw/skills/`) and executing platform CLI tools like `claude`, `claw`, and `codex` via `subprocess`. Although the code includes security controls such as path traversal protection (`_verify_path_containment`) and a neutralization function to strip prompt-injection patterns from descriptions, the capability to programmatically modify agent configurations and execute shell commands for testing purposes remains a significant risk.
