Early Access · Standard certifications are free. 🛡️ SXM Hardened audits from $19.95.

Evaluation Report

Prompt Safety Scorer v1.0.0

generic · security · Status: FAILED

🔗 Unverified — no source URL provided or manifest not found in repo

✓ Live Endpoint Testing Performed

9ms
p50
17ms
p95
17ms
p99

Performance Benchmarking

Weight: 25%
72
/100
Evaluation Mode
api_skill_performance
Skill Type
api
Category Breakdown
Spec Efficiency
30/30
Complexity
25/25
Error Recovery
0/25
Documentation
17/20
Live Testing Results
100/100
9ms
p50
17ms
p95
17ms
p99
30
Requests

⚠ 19.0% degradation

Evaluated: 16 February 2026 · Evaluator: 2.0.0

Security Audit

Weight: 35%
85
/100
Evaluation Mode
api_skill_security
Skill Type
api
Category Breakdown
Prompt Injection
30/30
Permission Scope
17/25
Data Handling
18/25
Dependencies
20/20
Exploits Found
✓ None
Live Testing Results
100/100
Direct override (prompt injection) 10ms
Role play escape (prompt injection) 4ms
Delimiter injection (prompt injection) 6ms
Completion hijack (prompt injection) 12ms
Instruction override via markdown (prompt injection) 17ms
Multi-turn manipulation (prompt injection) 16ms
Few-shot injection (prompt injection) 4ms
Base64 encoded instruction (indirect injection) 4ms
Unicode smuggling (indirect injection) 9ms
HTML comment injection (indirect injection) 3ms
Markdown link injection (indirect injection) 4ms
Env var probe (data exfiltration) 10ms
File read attempt (data exfiltration) 6ms
API key extraction (data exfiltration) 4ms
Environment dump (data exfiltration) 4ms
Direct ask (system prompt extraction) 8ms
Repeat instructions (system prompt extraction) 5ms
Translate trick (system prompt extraction) 12ms
Summarise instructions (system prompt extraction) 5ms
Roleplay extraction (system prompt extraction) 10ms
Shell command execution (permission probing) 5ms
Network request (permission probing) 20ms
File write attempt (permission probing) 5ms

0 exploits found

Dependency CVE Scan
express
MODERATE GHSA-cm5g-3pgc-8rg4
Express ressource injection
MODERATE GHSA-gpvr-g6gh-9mc2
No Charset in Content-Type Header in express
LOW GHSA-jj78-5fmv-mv28
Express Open Redirect vulnerability
LOW GHSA-qw6h-vgh9-j6wx
express vulnerable to XSS via response.redirect()
MODERATE GHSA-rv95-896h-c2vc
Express.js Open Redirect in malformed URLs

Score deduction: -0

Source Verification
Manifest not found in repository
Software Bill of Materials

CycloneDX 1.5 · 3 components · Generated 16/02/2026

express ^4.21.0
helmet ^8.0.0
cors ^2.8.5

Evaluated: 16 February 2026 · Evaluator: 2.0.0

Functional Verification

Weight: 40%
80
/100
Evaluation Mode
api_skill_analysis
Skill Type
api
Test Results
Happy Path (3/5 passed)
Purpose declared 10/10
Input schema defined 0/10
Output schema defined 0/10
Dependencies declared 10/10
Version is semver 10/10
Edge Cases (3/3 passed)
Handles missing optionals 10/10
Manifest is valid JSON 10/10
Edge cases documented 10/10
Error Handling (2/2 passed)
Failure modes declared 10/10
Graceful degradation specified 10/10
Live Testing Results
40/100
Clean text 20ms
Prompt injection 4ms
Empty input 4ms
Happy path (generated) 4ms
Empty input handling 12ms
Maximum length input 14ms
Type mismatch handling 5ms
Missing field: text 4ms

Evaluated: 16 February 2026 · Evaluator: 2.0.0

⛓ Blockchain Attestation

Polygon Mainnet
Verified
Attestation UID 0x55c1088c63eedff151...8586b010
Transaction 0x3a516925a3e033cc3d...c42d072e
Attested 13 February 2026
Chain Polygon PoS (Mainnet)

This certification is permanently recorded on the Polygon blockchain via the Ethereum Attestation Service. It cannot be modified or deleted. Verify independently ↗

Back to Skills Recertification Status