fit-scorer
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a local Python utility (youtube.py) to fetch engagement metrics. This execution is performed using the plugin's internal script directory and is limited to gathering specific influencer data points.
- [SAFE]: Data operations are restricted to the memory/ path, ensuring that influencer profiles and scoring reports are handled according to the agent's state model.
- [SAFE]: The skill processes social media content to evaluate engagement quality. Ingestion occurs via the youtube.py script or user input; while no explicit boundary markers or sanitization are defined for this data, the skill's structured evaluation framework mitigates risks associated with indirect prompt injection.
- [SAFE]: No malicious patterns such as prompt injection, obfuscation, or unauthorized exfiltration were identified. The skill's behavior matches its stated purpose and the author's known profile.
Audit Metadata