Verification ID
scan_a075ccfb268ee85b
Badge status
SECURITY FAILED
Artefact hash
Scan completed
3/31/2026, 11:27:05 AM
| Check | Category | Status | Summary | Tool |
|---|---|---|---|---|
| SC-001 | Malware Analysis | NOT APPLICABLE | Signature Malware Scan is not applicable to skill listings. | Trust Agent signatures |
| SC-002 | Malware Analysis | NOT APPLICABLE | Suspicious Binary Heuristics is not applicable to skill listings. | Heuristic binary scan |
| SC-003 | Malware Analysis | NOT APPLICABLE | Archive Nesting Review is not applicable to skill listings. | Archive unpack guard |
| SC-004 | Malware Analysis | NOT APPLICABLE | Known Exploit Loader Patterns is not applicable to skill listings. | Pattern bank |
| SC-005 | Malware Analysis | NOT APPLICABLE | Encoded Payload Detection is not applicable to skill listings. | Entropy and payload scan |
| SC-006 | Malware Analysis | NOT APPLICABLE | Dropper Behaviour Indicators is not applicable to skill listings. | Execution heuristic scan |
| SC-007 | Static Analysis | PASSED | No secrets or credential material were detected. | Pattern bank |
| SC-008 | Static Analysis | PASSED | No secrets or credential material were detected. | Regex detection |
| SC-009 | Static Analysis | PASSED | No secrets or credential material were detected. | Key material detector |
| SC-010 | Static Analysis | NOT APPLICABLE | Injection Vulnerability Scan is not applicable to skill listings. | Command and eval heuristic |
| SC-011 | Static Analysis | NOT APPLICABLE | Unsafe Filesystem Command Review is not applicable to skill listings. | Filesystem guardrail matcher |
| SC-012 | Static Analysis | NOT APPLICABLE | Unbounded Process Execution Review is not applicable to skill listings. | Execution matcher |
| SC-013 | Static Analysis | NOT APPLICABLE | Remote Code Fetch Indicators is not applicable to skill listings. | Remote execution matcher |
| SC-014 | Static Analysis | NOT APPLICABLE | Privilege Escalation Indicators is not applicable to skill listings. | Privilege matcher |
| SC-015 | Static Analysis | NOT APPLICABLE | Obfuscated Code Patterns is not applicable to skill listings. | Obfuscation matcher |
| SC-016 | Static Analysis | NOT APPLICABLE | Permission Declaration Completeness is not applicable to skill listings. | Manifest reconciliation |
| SC-017 | Static Analysis | PASSED | No prohibited claim patterns were detected. | Prompt policy matcher |
| SC-018 | Static Analysis | NOT APPLICABLE | Hard Limits Presence is not applicable to skill listings. | Prompt structure scan |
| SC-019 | Static Analysis | FAILED | Escalation behavior is not clearly declared. | Prompt structure scan |
| SC-020 | Static Analysis | PASSED | No prompt override or jailbreak patterns were detected. | Prompt matcher |
| SC-021 | Static Analysis | PASSED | No prompt override or jailbreak patterns were detected. | Jailbreak matcher |
| SC-022 | Dependency Analysis | NOT APPLICABLE | Dependency Inventory Build is not applicable to skill listings. | Manifest parser |
| SC-023 | Dependency Analysis | NOT APPLICABLE | Known Vulnerable Package Review is not applicable to skill listings. | Heuristic CVE matcher |
| SC-024 | Dependency Analysis | NOT APPLICABLE | Typosquat Risk Review is not applicable to skill listings. | Name similarity matcher |
| SC-025 | Dependency Analysis | NOT APPLICABLE | Unpinned Dependency Review is not applicable to skill listings. | Version policy matcher |
| SC-026 | Dependency Analysis | NOT APPLICABLE | License Conflict Review is not applicable to skill listings. | License reconciler |
| SC-027 | Dependency Analysis | NOT APPLICABLE | Install Script Review is not applicable to skill listings. | Script matcher |
| SC-028 | Dependency Analysis | NOT APPLICABLE | Dependency Scope Minimization is not applicable to skill listings. | Package inventory scorer |
| SC-029 | Dependency Analysis | NOT APPLICABLE | Supply Package Reputation Review is not applicable to skill listings. | Reputation heuristic |
| SC-030 | Network Analysis | NOT APPLICABLE | Outbound HTTP Behavior Review is not applicable to skill listings. | Network policy matcher |
| SC-031 | Network Analysis | NOT APPLICABLE | Webhook and Callback Review is not applicable to skill listings. | Endpoint matcher |
| SC-032 | Network Analysis | NOT APPLICABLE | Domain Allowlist Presence is not applicable to skill listings. | Allowlist matcher |
| SC-033 | Network Analysis | NOT APPLICABLE | Raw Socket Indicator Review is not applicable to skill listings. | Socket matcher |
| SC-034 | Network Analysis | PASSED | No exfiltration-oriented language was detected. | Exfiltration matcher |
| SC-035 | Network Analysis | NOT APPLICABLE | DNS and Tunnel Indicator Review is not applicable to skill listings. | Tunnel matcher |
| SC-036 | Network Analysis | NOT APPLICABLE | Remote Host Scope Review is not applicable to skill listings. | Host scope checker |
| SC-037 | Behaviour Analysis | NOT APPLICABLE | Sandbox Escape Surface Review is not applicable to skill listings. | Container escape matcher |
| SC-038 | Behaviour Analysis | NOT APPLICABLE | Resource Abuse Review is not applicable to skill listings. | Resource heuristic |
| SC-039 | Behaviour Analysis | PASSED | Listing claims appear consistent with observed capability markers. | Claim reconciler |
| SC-040 | Behaviour Analysis | PASSED | Refusal behavior coverage appears adequate. | Boundary matcher |
| SC-041 | Behaviour Analysis | WARNING | Escalation behavior coverage appears weak. | Escalation matcher |
| SC-042 | Behaviour Analysis | PASSED | No persona drift risk markers were detected. | Persona consistency scan |
| SC-043 | Privacy Compliance | PASSED | Privacy declarations appear proportionate to detected data patterns. | Privacy matcher |
| SC-044 | Privacy Compliance | PASSED | Retention behavior appears declared or absent. | Retention matcher |
| SC-045 | Privacy Compliance | PASSED | No meaningful cross-user leakage markers were detected. | State-sharing heuristic |
| SC-046 | Supply Chain Analysis | PASSED | Creator-authored listing does not require third-party source provenance. | Upstream dependency review |
| SC-047 | Integrity Verification | FAILED | Artefact hash is missing or invalid. | SHA-256 integrity checker |
TRUST AGENT SECURITY SCAN REPORT Listing: ZPD-Calibrated Scaffolding Version: live Type: SKILL Verification ID: scan_a075ccfb268ee85b Artefact: sha256: Badge Status: SECURITY_FAILED MALWARE ANALYSIS SC-001 NOT_APPLICABLE Signature Malware Scan - Signature Malware Scan is not applicable to skill listings. SC-002 NOT_APPLICABLE Suspicious Binary Heuristics - Suspicious Binary Heuristics is not applicable to skill listings. SC-003 NOT_APPLICABLE Archive Nesting Review - Archive Nesting Review is not applicable to skill listings. SC-004 NOT_APPLICABLE Known Exploit Loader Patterns - Known Exploit Loader Patterns is not applicable to skill listings. SC-005 NOT_APPLICABLE Encoded Payload Detection - Encoded Payload Detection is not applicable to skill listings. SC-006 NOT_APPLICABLE Dropper Behaviour Indicators - Dropper Behaviour Indicators is not applicable to skill listings. Passed 0/6 STATIC ANALYSIS SC-007 PASSED Secrets and Credentials Scan - No secrets or credential material were detected. SC-008 PASSED API Key Detection - No secrets or credential material were detected. SC-009 PASSED Private Key or Certificate Check - No secrets or credential material were detected. SC-010 NOT_APPLICABLE Injection Vulnerability Scan - Injection Vulnerability Scan is not applicable to skill listings. SC-011 NOT_APPLICABLE Unsafe Filesystem Command Review - Unsafe Filesystem Command Review is not applicable to skill listings. SC-012 NOT_APPLICABLE Unbounded Process Execution Review - Unbounded Process Execution Review is not applicable to skill listings. SC-013 NOT_APPLICABLE Remote Code Fetch Indicators - Remote Code Fetch Indicators is not applicable to skill listings. SC-014 NOT_APPLICABLE Privilege Escalation Indicators - Privilege Escalation Indicators is not applicable to skill listings. SC-015 NOT_APPLICABLE Obfuscated Code Patterns - Obfuscated Code Patterns is not applicable to skill listings. SC-016 NOT_APPLICABLE Permission Declaration Completeness - Permission Declaration Completeness is not applicable to skill listings. SC-017 PASSED Prohibited Prompt Claims - No prohibited claim patterns were detected. SC-018 NOT_APPLICABLE Hard Limits Presence - Hard Limits Presence is not applicable to skill listings. SC-019 FAILED Escalation Policy Presence - Escalation behavior is not clearly declared. SC-020 PASSED Prompt Injection Vulnerability - No prompt override or jailbreak patterns were detected. SC-021 PASSED Jailbreak Pattern Detection - No prompt override or jailbreak patterns were detected. Passed 6/15 DEPENDENCY ANALYSIS SC-022 NOT_APPLICABLE Dependency Inventory Build - Dependency Inventory Build is not applicable to skill listings. SC-023 NOT_APPLICABLE Known Vulnerable Package Review - Known Vulnerable Package Review is not applicable to skill listings. SC-024 NOT_APPLICABLE Typosquat Risk Review - Typosquat Risk Review is not applicable to skill listings. SC-025 NOT_APPLICABLE Unpinned Dependency Review - Unpinned Dependency Review is not applicable to skill listings. SC-026 NOT_APPLICABLE License Conflict Review - License Conflict Review is not applicable to skill listings. SC-027 NOT_APPLICABLE Install Script Review - Install Script Review is not applicable to skill listings. SC-028 NOT_APPLICABLE Dependency Scope Minimization - Dependency Scope Minimization is not applicable to skill listings. SC-029 NOT_APPLICABLE Supply Package Reputation Review - Supply Package Reputation Review is not applicable to skill listings. Passed 0/8 NETWORK ANALYSIS SC-030 NOT_APPLICABLE Outbound HTTP Behavior Review - Outbound HTTP Behavior Review is not applicable to skill listings. SC-031 NOT_APPLICABLE Webhook and Callback Review - Webhook and Callback Review is not applicable to skill listings. SC-032 NOT_APPLICABLE Domain Allowlist Presence - Domain Allowlist Presence is not applicable to skill listings. SC-033 NOT_APPLICABLE Raw Socket Indicator Review - Raw Socket Indicator Review is not applicable to skill listings. SC-034 PASSED Data Exfiltration Keyword Review - No exfiltration-oriented language was detected. SC-035 NOT_APPLICABLE DNS and Tunnel Indicator Review - DNS and Tunnel Indicator Review is not applicable to skill listings. SC-036 NOT_APPLICABLE Remote Host Scope Review - Remote Host Scope Review is not applicable to skill listings. Passed 1/7 BEHAVIOUR ANALYSIS SC-037 NOT_APPLICABLE Sandbox Escape Surface Review - Sandbox Escape Surface Review is not applicable to skill listings. SC-038 NOT_APPLICABLE Resource Abuse Review - Resource Abuse Review is not applicable to skill listings. SC-039 PASSED Behavior versus Listing Claim Review - Listing claims appear consistent with observed capability markers. SC-040 PASSED Refusal Behavior Coverage - Refusal behavior coverage appears adequate. SC-041 WARNING Escalation Behavior Coverage - Escalation behavior coverage appears weak. SC-042 PASSED Persona Drift Review - No persona drift risk markers were detected. Passed 3/6 PRIVACY COMPLIANCE SC-043 PASSED PII Collection Declaration - Privacy declarations appear proportionate to detected data patterns. SC-044 PASSED Data Retention Policy Review - Retention behavior appears declared or absent. SC-045 PASSED Cross-User Data Leakage Risk - No meaningful cross-user leakage markers were detected. Passed 3/3 SUPPLY CHAIN ANALYSIS SC-046 PASSED Third-Party Dependency Audit - Creator-authored listing does not require third-party source provenance. Passed 1/1 INTEGRITY VERIFICATION SC-047 FAILED Artefact Hash Verification - Artefact hash is missing or invalid. Passed 0/1
