Public Trust Report
Trust Agent publishes the score, findings, analyst narrative, and artefact fingerprint while keeping prompts, code, and protected configuration inside the secure review boundary.
Audit outcome
PASSED
Stage scores
S1 75 / S2 100 / S3 88
Artefact hash
1b02a56d5d402691adbb357d973f2f91f470166b24113bb98f61d1e55ae5c6eb
Signed at
4/1/2026, 6:46:16 PM
Dev Test completed the Trust Agent automated review pipeline for agent listings. Stage 1 configuration integrity scored 75/100 and stage 2 behaviour testing scored 100/100. The companion security scan produced 95/100 with outcome PASSED. Overall trust score: 87/100. Primary analyst watchpoints: Source attribution is incomplete, License metadata missing. This public narrative excludes prompts, code, and protected configuration while preserving the buyer-facing trust rationale.
Source attribution is incomplete
manifest-mismatch
Public repo and mirror ingestion paths must preserve a resolvable source URL for provenance review.
Recommended action: Attach a source record with source URL, owner, and commit or tag metadata.
License metadata missing
license-conflict
The agent does not declare an observable source license, which weakens provenance and enterprise review.
Recommended action: Populate license metadata from the upstream repository or manifest.
Agent sandbox behaviour testing passed
pass
Badge state
SECURITY ADVISORY
Passed checks
37
Critical / high
0 / 0
Verification ID
scan_e3a9bfb77738c2ab
Trust Agent publishes buyer-safe evidence only. If you are the creator and need full remediation details, use your creator dashboard or admin review access rather than the public report.
Network, filesystem, and behavior-alignment heuristics passed automated stage 2 testing.
Analyst follow-up summary
edge-case-fail
Analyst review highlighted follow-up watchpoints: Source attribution is incomplete, License metadata missing.
Recommended action: Address the highlighted watchpoints in the next submitted version.
