short-form-eval

Warn

Audited by Socket on May 14, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The skill’s main purpose and file accesses are mostly coherent for a marketing evaluation workflow, and it does not request credentials or route data through odd endpoints. Risk comes from two inconsistencies: it processes untrusted external post content while retaining Bash/Write capabilities, and it instructs use of an Agent tool not declared in allowed-tools. Bun usage is a low supply-chain concern because it is an official, open-source runtime, not an unverifiable binary in this context.

Confidence: 84%Severity: 56%
Audit Metadata
Analyzed At
May 14, 2026, 04:05 PM
Package URL
pkg:socket/skills-sh/hungv47%2Fresearch-skills%2Fshort-form-eval%2F@023660ab28e25874b8eaaf4f28a8fc2da456891b
Security Audit — socket — short-form-eval