sparkle-win
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides technical documentation for integrating the legitimate and widely-used WinSparkle framework.
- [PROMPT_INJECTION]: No malicious instruction patterns or attempts to bypass agent safety constraints were detected.
- [EXTERNAL_DOWNLOADS]: References to external code are limited to the official project repository on GitHub and official package registries like NuGet and PyPI.
- [REMOTE_CODE_EXECUTION]: The skill guides the implementation of an auto-update system, providing detailed security measures such as EdDSA signature verification and mandatory HTTPS to ensure the integrity of update payloads.
- [COMMAND_EXECUTION]: Examples demonstrate the use of developer-focused command-line tools for cryptographic key generation and binary signing.
- [DATA_EXFILTRATION]: No patterns of unauthorized data access or transmission to unknown domains were found; network operations are restricted to the updater's intended functionality.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets or private keys are present; example public keys are provided for signature verification purposes.
Audit Metadata