eve-manifest-authoring
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a configuration guide for 'Eve' manifests. It uses standard practices for service definitions, pipeline orchestration, and secret management.
- [DATA_EXPOSURE_EXFILTRATION]: All secrets mentioned (e.g., Google Drive credentials, registry tokens) use placeholders like 'xxx' or refer to secure interpolation methods like '${secret.KEY}' and '.eve/dev-secrets.yaml', which aligns with best practices.
- [EXTERNAL_DOWNLOADS]: The skill references Docker images from 'public.ecr.aws' (a well-known service) and 'ghcr.io/incept5' (the author's own repository). These are legitimate resources for the skill's purpose.
- [COMMAND_EXECUTION]: The documentation describes platform features such as pipeline steps (scripts/actions) and CLI registration (which involves 'chmod +x' and symlinking). These are documented as core platform behaviors for automation and are not malicious instructions within the skill itself.
Audit Metadata