model-bank-metadata
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is focused on repository maintenance and backfilling metadata. Its instructions and accompanying scripts are strictly aligned with this operational purpose.
- [COMMAND_EXECUTION]: The maintenance workflow involves running local TypeScript scripts using
bunand standard development utilities likevitestandtsc. These operations are limited to the project's source code and do not involve untrusted input. - [COMMAND_EXECUTION]: The
scripts/extract-model-ids.tsutility usesawait import()to read data from the project's own model definition files. This is a standard pattern for programmatically accessing internal TypeScript data structures. - [PROMPT_INJECTION]: The skill describes a research workflow that ingests external documentation from model vendors and Hugging Face.
- Ingestion points: External technical documentation, system cards, and official model cards.
- Boundary markers: The workflow requires the research agent to return structured data in a specific JSON schema.
- Capability inventory: The skill provides codemod scripts (
apply-cutoffs.ts,apply-family.ts) that can modify TypeScript files in the localpackages/model-bank/directory. - Sanitization: Potential risks from external data are mitigated by strict sourcing rules, a policy filter that discards data from non-authoritative sources, and an adversarial verification agent that re-validates all research claims before any code modifications are applied.
Audit Metadata