evaluate-seo

Pass

Audited by Gen Agent Trust Hub on Jul 4, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bun runtime to execute local utility scripts such as manifest-sync.ts and append-loop-result.ts. These scripts are used for internal project state management, ledger updates, and indexing, with no evidence of arbitrary command injection or untrusted shell execution.
  • [DATA_EXFILTRATION]: Network communication is performed via scripts/lib/hosted-api.ts to api.forsvn.com. This activity is used for telemetry, usage metering, and retrieving brand context for Pro users, which is consistent with the skill's stated multi-tier operational model.
  • [SAFE]: The skill accesses local configuration files (e.g., ~/.config/forsvn/credentials.json) to manage its own API keys. This follows standard practices for local application secret management and does not involve harvesting unauthorized credentials.
  • [SAFE]: No signs of prompt injection, obfuscation, or persistence mechanisms were found. The skill includes a robust 'Critic' agent designed to enforce evidence discipline and prevent the fabrication of ranking data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 4, 2026, 10:16 PM
Security Audit — agent-trust-hub — evaluate-seo