research-platform
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill implements robust filesystem security measures in its provided scripts, including symlink detection via lstatSync and atomic file creation using the 'wx' flag to prevent symlink-based directory traversal or unauthorized file modification.
- [SAFE]: The skill adheres to a credential-free posture, explicitly stating in its playbook that it does not call live APIs or hold account logins, relying instead on operator-provided data transcribed faithfully.
- [COMMAND_EXECUTION]: The skill executes local Bun scripts for filesystem management and manifest indexing. These scripts are bundled with the skill and do not incorporate unvalidated external input into shell commands, focusing on project structure maintenance.
- [EXTERNAL_DOWNLOADS]: The benchmark-agent uses WebSearch and WebFetch to collect industry benchmark data as part of its primary research function. The instructions require all external data to be cited with source URLs and dates to ensure transparency.
- [SAFE]: The architecture utilizes a dedicated critic-agent to validate all synthesized content against binary rubrics, effectively mitigating the risk of data fabrication or instruction override through a rigorous five-rubric quality gate.
Audit Metadata