Verification ID
scan_e3a9bfb77738c2ab
Badge status
SECURITY ADVISORY
Artefact hash
1b02a56d5d402691adbb357d973f2f91f470166b24113bb98f61d1e55ae5c6eb
Scan completed
4/1/2026, 6:46:15 PM
| Check | Category | Status | Summary | Tool |
|---|---|---|---|---|
| SC-001 | Malware Analysis | PASSED | No malware-like markers were detected in the submitted artefact metadata. | Trust Agent signatures |
| SC-002 | Malware Analysis | PASSED | No malware-like markers were detected in the submitted artefact metadata. | Heuristic binary scan |
| SC-003 | Malware Analysis | PASSED | No malware-like markers were detected in the submitted artefact metadata. | Archive unpack guard |
| SC-004 | Malware Analysis | PASSED | No malware-like markers were detected in the submitted artefact metadata. | Pattern bank |
| SC-005 | Malware Analysis | PASSED | No malware-like markers were detected in the submitted artefact metadata. | Entropy and payload scan |
| SC-006 | Malware Analysis | PASSED | No malware-like markers were detected in the submitted artefact metadata. | Execution heuristic scan |
| SC-007 | Static Analysis | PASSED | No secrets or credential material were detected. | Pattern bank |
| SC-008 | Static Analysis | PASSED | No secrets or credential material were detected. | Regex detection |
| SC-009 | Static Analysis | PASSED | No secrets or credential material were detected. | Key material detector |
| SC-010 | Static Analysis | PASSED | No high-risk execution patterns were detected. | Command and eval heuristic |
| SC-011 | Static Analysis | PASSED | No high-risk execution patterns were detected. | Filesystem guardrail matcher |
| SC-012 | Static Analysis | PASSED | No high-risk execution patterns were detected. | Execution matcher |
| SC-013 | Static Analysis | PASSED | No high-risk execution patterns were detected. | Remote execution matcher |
| SC-014 | Static Analysis | PASSED | No high-risk execution patterns were detected. | Privilege matcher |
| SC-015 | Static Analysis | PASSED | No high-risk execution patterns were detected. | Obfuscation matcher |
| SC-016 | Static Analysis | PASSED | Declared permissions appear consistent with the manifest. | Manifest reconciliation |
| SC-017 | Static Analysis | NOT APPLICABLE | Prohibited Prompt Claims is not applicable to agent listings. | Prompt policy matcher |
| SC-018 | Static Analysis | NOT APPLICABLE | Hard Limits Presence is not applicable to agent listings. | Prompt structure scan |
| SC-019 | Static Analysis | NOT APPLICABLE | Escalation Policy Presence is not applicable to agent listings. | Prompt structure scan |
| SC-020 | Static Analysis | NOT APPLICABLE | Prompt Injection Vulnerability is not applicable to agent listings. | Prompt matcher |
| SC-021 | Static Analysis | NOT APPLICABLE | Jailbreak Pattern Detection is not applicable to agent listings. | Jailbreak matcher |
| SC-022 | Dependency Analysis | WARNING | No structured dependency inventory was found. | Manifest parser |
| SC-023 | Dependency Analysis | PASSED | No known high-risk dependency names were detected. | Heuristic CVE matcher |
| SC-024 | Dependency Analysis | PASSED | No typosquat-style dependency names were detected. | Name similarity matcher |
| SC-025 | Dependency Analysis | PASSED | Dependency versions are explicitly pinned or not applicable. | Version policy matcher |
| SC-026 | Dependency Analysis | WARNING | No license metadata was found for the artefact. | License reconciler |
| SC-027 | Dependency Analysis | PASSED | No risky install-time scripts were detected. | Script matcher |
| SC-028 | Dependency Analysis | PASSED | Dependency footprint is proportionate to the declared scope. | Package inventory scorer |
| SC-029 | Dependency Analysis | PASSED | Dependency naming appears conventional. | Reputation heuristic |
| SC-030 | Network Analysis | PASSED | Network behavior appears bounded or absent. | Network policy matcher |
| SC-031 | Network Analysis | PASSED | Network behavior appears bounded or absent. | Endpoint matcher |
| SC-032 | Network Analysis | PASSED | Network behavior appears bounded or absent. | Allowlist matcher |
| SC-033 | Network Analysis | PASSED | No raw socket or tunneling behavior was detected. | Socket matcher |
| SC-034 | Network Analysis | PASSED | No exfiltration-oriented language was detected. | Exfiltration matcher |
| SC-035 | Network Analysis | PASSED | No raw socket or tunneling behavior was detected. | Tunnel matcher |
| SC-036 | Network Analysis | PASSED | Network behavior appears bounded or absent. | Host scope checker |
| SC-037 | Behaviour Analysis | PASSED | No sandbox escape surfaces were detected. | Container escape matcher |
| SC-038 | Behaviour Analysis | PASSED | No resource abuse patterns were detected. | Resource heuristic |
| SC-039 | Behaviour Analysis | PASSED | Listing claims appear consistent with observed capability markers. | Claim reconciler |
| SC-040 | Behaviour Analysis | NOT APPLICABLE | Refusal Behavior Coverage is not applicable to agent listings. | Boundary matcher |
| SC-041 | Behaviour Analysis | NOT APPLICABLE | Escalation Behavior Coverage is not applicable to agent listings. | Escalation matcher |
| SC-042 | Behaviour Analysis | NOT APPLICABLE | Persona Drift Review is not applicable to agent listings. | Persona consistency scan |
| SC-043 | Privacy Compliance | PASSED | Privacy declarations appear proportionate to detected data patterns. | Privacy matcher |
| SC-044 | Privacy Compliance | PASSED | Retention behavior appears declared or absent. | Retention matcher |
| SC-045 | Privacy Compliance | PASSED | No meaningful cross-user leakage markers were detected. | State-sharing heuristic |
| SC-046 | Supply Chain Analysis | PASSED | Upstream source provenance is present for supply-chain review. | Upstream dependency review |
| SC-047 | Integrity Verification | PASSED | Artefact hash verification passed. | SHA-256 integrity checker |
TRUST AGENT SECURITY SCAN REPORT Listing: Dev Test Version: 1.0.0 Type: AGENT Verification ID: scan_e3a9bfb77738c2ab Artefact: sha256:1b02a56d5d402691adbb357d973f2f91f470166b24113bb98f61d1e55ae5c6eb Badge Status: SECURITY_ADVISORY MALWARE ANALYSIS SC-001 PASSED Signature Malware Scan - No malware-like markers were detected in the submitted artefact metadata. SC-002 PASSED Suspicious Binary Heuristics - No malware-like markers were detected in the submitted artefact metadata. SC-003 PASSED Archive Nesting Review - No malware-like markers were detected in the submitted artefact metadata. SC-004 PASSED Known Exploit Loader Patterns - No malware-like markers were detected in the submitted artefact metadata. SC-005 PASSED Encoded Payload Detection - No malware-like markers were detected in the submitted artefact metadata. SC-006 PASSED Dropper Behaviour Indicators - No malware-like markers were detected in the submitted artefact metadata. Passed 6/6 STATIC ANALYSIS SC-007 PASSED Secrets and Credentials Scan - No secrets or credential material were detected. SC-008 PASSED API Key Detection - No secrets or credential material were detected. SC-009 PASSED Private Key or Certificate Check - No secrets or credential material were detected. SC-010 PASSED Injection Vulnerability Scan - No high-risk execution patterns were detected. SC-011 PASSED Unsafe Filesystem Command Review - No high-risk execution patterns were detected. SC-012 PASSED Unbounded Process Execution Review - No high-risk execution patterns were detected. SC-013 PASSED Remote Code Fetch Indicators - No high-risk execution patterns were detected. SC-014 PASSED Privilege Escalation Indicators - No high-risk execution patterns were detected. SC-015 PASSED Obfuscated Code Patterns - No high-risk execution patterns were detected. SC-016 PASSED Permission Declaration Completeness - Declared permissions appear consistent with the manifest. SC-017 NOT_APPLICABLE Prohibited Prompt Claims - Prohibited Prompt Claims is not applicable to agent listings. SC-018 NOT_APPLICABLE Hard Limits Presence - Hard Limits Presence is not applicable to agent listings. SC-019 NOT_APPLICABLE Escalation Policy Presence - Escalation Policy Presence is not applicable to agent listings. SC-020 NOT_APPLICABLE Prompt Injection Vulnerability - Prompt Injection Vulnerability is not applicable to agent listings. SC-021 NOT_APPLICABLE Jailbreak Pattern Detection - Jailbreak Pattern Detection is not applicable to agent listings. Passed 10/15 DEPENDENCY ANALYSIS SC-022 WARNING Dependency Inventory Build - No structured dependency inventory was found. SC-023 PASSED Known Vulnerable Package Review - No known high-risk dependency names were detected. SC-024 PASSED Typosquat Risk Review - No typosquat-style dependency names were detected. SC-025 PASSED Unpinned Dependency Review - Dependency versions are explicitly pinned or not applicable. SC-026 WARNING License Conflict Review - No license metadata was found for the artefact. SC-027 PASSED Install Script Review - No risky install-time scripts were detected. SC-028 PASSED Dependency Scope Minimization - Dependency footprint is proportionate to the declared scope. SC-029 PASSED Supply Package Reputation Review - Dependency naming appears conventional. Passed 6/8 NETWORK ANALYSIS SC-030 PASSED Outbound HTTP Behavior Review - Network behavior appears bounded or absent. SC-031 PASSED Webhook and Callback Review - Network behavior appears bounded or absent. SC-032 PASSED Domain Allowlist Presence - Network behavior appears bounded or absent. SC-033 PASSED Raw Socket Indicator Review - No raw socket or tunneling behavior was detected. SC-034 PASSED Data Exfiltration Keyword Review - No exfiltration-oriented language was detected. SC-035 PASSED DNS and Tunnel Indicator Review - No raw socket or tunneling behavior was detected. SC-036 PASSED Remote Host Scope Review - Network behavior appears bounded or absent. Passed 7/7 BEHAVIOUR ANALYSIS SC-037 PASSED Sandbox Escape Surface Review - No sandbox escape surfaces were detected. SC-038 PASSED Resource Abuse Review - No resource abuse patterns were detected. SC-039 PASSED Behavior versus Listing Claim Review - Listing claims appear consistent with observed capability markers. SC-040 NOT_APPLICABLE Refusal Behavior Coverage - Refusal Behavior Coverage is not applicable to agent listings. SC-041 NOT_APPLICABLE Escalation Behavior Coverage - Escalation Behavior Coverage is not applicable to agent listings. SC-042 NOT_APPLICABLE Persona Drift Review - Persona Drift Review is not applicable to agent listings. Passed 3/6 PRIVACY COMPLIANCE SC-043 PASSED PII Collection Declaration - Privacy declarations appear proportionate to detected data patterns. SC-044 PASSED Data Retention Policy Review - Retention behavior appears declared or absent. SC-045 PASSED Cross-User Data Leakage Risk - No meaningful cross-user leakage markers were detected. Passed 3/3 SUPPLY CHAIN ANALYSIS SC-046 PASSED Third-Party Dependency Audit - Upstream source provenance is present for supply-chain review. Passed 1/1 INTEGRITY VERIFICATION SC-047 PASSED Artefact Hash Verification - Artefact hash verification passed. Passed 1/1
