tuning-panel
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION] (SAFE): The skill implements a feature to export tuned values via
navigator.clipboard.writeText(in JS) orUIPasteboard/NSPasteboard(in Swift). This is a local operation intended for user-driven data transfer and does not involve unauthorized network transmission. - [REMOTE_CODE_EXECUTION] (SAFE): No patterns for remote code execution, piped shell scripts, or unsafe dynamic evaluation were found. The code generation patterns are templates meant for manual integration by a developer.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded API keys, tokens, or private secrets were identified in the codebase or examples.
- [PROMPT_INJECTION] (LOW): The skill contains instructions to format data for LLM consumption. While there is no specific sanitization for parameter names before interpolation into these strings, the risk of indirect injection is minimal as it requires a user to manually copy-paste the output into another session.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references standard, well-known libraries such as
leva,tweakpane, anddat.gui. It provides installation commands for these but does not perform automated, untrusted downloads during execution.
Audit Metadata