evaluate-shortform
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill utilizes several internal TypeScript scripts (e.g., manifest-sync.ts, scaffold-eval-loop.ts) for maintaining a local artifact index and results ledger. These scripts implement defensive programming practices, including symlink detection, path normalization, and strict input sanitization (slugification) to prevent directory traversal or command injection.
- [SAFE]: Agent roles (critic, eval-runner, hook-strength, pattern-extractor) are clearly defined with bounded instructions. No evidence of prompt injection attempts or instructions to override underlying model constraints was found.
- [SAFE]: External network access is limited to fetching data from established short-form video platforms for evaluation purposes. There is no evidence of hardcoded credentials, sensitive file access, or data exfiltration to unauthorized domains.
- [SAFE]: The skill's metadata and instructional content are consistent with its stated purpose. Dependencies are localized within the skill folder, and no suspicious external code patterns or obfuscation techniques were detected.
Audit Metadata