write-ad
Pass
Audited by Gen Agent Trust Hub on Jul 4, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: No evidence of hardcoded credentials or unauthorized data access was found. The skill processes user-supplied research data and performance metrics stored in a local
.forsvndirectory. Scripts such asappend-loop-result.tsandscaffold-eval-loop.tsinclude explicit checks (realpathSync,sep, and symlink guards) to ensure operations remain within the project root and do not escape to sensitive system areas. - [INDIRECT_PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it ingests untrusted data from external sources (e.g.,
lp_descriptionandavailable_proof). However, it employs multiple defensive layers, including a Format Checker hard-gate and a 7-dimension Critic rubric, which sanitize and validate content before final delivery. The risk is assessed as low and inherent to the skill's primary function. - [COMMAND_EXECUTION]: The skill uses a
Bashtool to execute local TypeScript scripts via the Bun runtime. These scripts (manifest-sync.ts,scaffold-eval-loop.ts, etc.) are part of the skill's infrastructure and perform administrative tasks like directory scaffolding and metadata synchronization. No arbitrary command execution or shell injection patterns were detected. - [REMOTE_CODE_EXECUTION]: All code is local and verifiable. No remote scripts are downloaded or executed at runtime. Dependencies are limited to Node.js/Bun built-in modules.
- [OBFUSCATION]: No obfuscated commands, Base64-encoded payloads, zero-width characters, or homoglyph-based evasions were identified in the skill instructions or scripts.
Audit Metadata