package-evaluator
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE, NO_CODE
Full Analysis
- [SAFE]: The skill was audited for prompt injection, data exfiltration, and malicious command execution. No suspicious patterns were found.
- [DATA_EXFILTRATION]: The skill analyzes local package files for quality metrics but does not possess the capability to transmit data over the network or access sensitive system files like SSH keys or environment variables.
- [NO_CODE]: The skill is implemented using instructions and documentation only; it does not include any scripts or binaries.
- [SAFE]: Although the skill processes external data from other packages, this is limited to static analysis of YAML metadata and file structures, with no execution of the content occurring. The mandatory evidence chain for the data processing surface is: (1) Ingestion point: Phase 2 Analysis reads package files. (2) Boundary markers: Absent. (3) Capability inventory: Static analysis and report generation. (4) Sanitization: Absent. The risk is negligible as content is not executed.
Audit Metadata