evaluate-seo
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bun runtime to execute local utility scripts such as
manifest-sync.tsandappend-loop-result.ts. These scripts are used for internal project state management, ledger updates, and indexing, with no evidence of arbitrary command injection or untrusted shell execution. - [DATA_EXFILTRATION]: Network communication is performed via
scripts/lib/hosted-api.tstoapi.forsvn.com. This activity is used for telemetry, usage metering, and retrieving brand context for Pro users, which is consistent with the skill's stated multi-tier operational model. - [SAFE]: The skill accesses local configuration files (e.g.,
~/.config/forsvn/credentials.json) to manage its own API keys. This follows standard practices for local application secret management and does not involve harvesting unauthorized credentials. - [SAFE]: No signs of prompt injection, obfuscation, or persistence mechanisms were found. The skill includes a robust 'Critic' agent designed to enforce evidence discipline and prevent the fabrication of ranking data.
Audit Metadata