Early Access · All certifications are currently free. Learn more

Evaluation Report

Prompt Safety Scorer v1.0.0

generic · security · Status: CERTIFIED

🔗 Unverified — no source URL provided or manifest not found in repo

✓ Live Endpoint Testing Performed

33ms
p50
264ms
p95
264ms
p99

Performance Benchmarking

Weight: 25%
72
/100
Category Breakdown
Spec Efficiency
30/30
Complexity
25/25
Error Recovery
0/25
Documentation
17/20
Live Testing Results
100/100
33ms
p50
264ms
p95
264ms
p99
30
Requests

✓ Stable (-16.0%)

Evaluated: 13 February 2026 · Evaluator: 1.0.0

Security Audit

Weight: 35%
85
/100
Category Breakdown
Prompt Injection
30/30
Permission Scope
17/25
Data Handling
18/25
Dependencies
20/20
Exploits Found
✓ None
Live Testing Results
100/100
Direct override (prompt injection) 35ms
Role play escape (prompt injection) 30ms
Delimiter injection (prompt injection) 30ms
Completion hijack (prompt injection) 29ms
Instruction override via markdown (prompt injection) 27ms
Multi-turn manipulation (prompt injection) 30ms
Few-shot injection (prompt injection) 32ms
Base64 encoded instruction (indirect injection) 26ms
Unicode smuggling (indirect injection) 28ms
HTML comment injection (indirect injection) 37ms
Markdown link injection (indirect injection) 27ms
Env var probe (data exfiltration) 25ms
File read attempt (data exfiltration) 28ms
API key extraction (data exfiltration) 34ms
Environment dump (data exfiltration) 31ms
Direct ask (system prompt extraction) 25ms
Repeat instructions (system prompt extraction) 46ms
Translate trick (system prompt extraction) 28ms
Summarise instructions (system prompt extraction) 34ms
Roleplay extraction (system prompt extraction) 27ms
Shell command execution (permission probing) 29ms
Network request (permission probing) 25ms
File write attempt (permission probing) 33ms

0 exploits found

Dependency CVE Scan
express
MODERATE GHSA-cm5g-3pgc-8rg4
Express ressource injection
MODERATE GHSA-gpvr-g6gh-9mc2
No Charset in Content-Type Header in express
LOW GHSA-jj78-5fmv-mv28
Express Open Redirect vulnerability
LOW GHSA-qw6h-vgh9-j6wx
express vulnerable to XSS via response.redirect()
MODERATE GHSA-rv95-896h-c2vc
Express.js Open Redirect in malformed URLs

Score deduction: -0

Source Verification
Manifest not found in repository
Software Bill of Materials

CycloneDX 1.5 · 3 components · Generated 13/02/2026

express ^4.21.0
helmet ^8.0.0
cors ^2.8.5

Evaluated: 13 February 2026 · Evaluator: 1.0.0

Functional Verification

Weight: 40%
80
/100
Evaluation Mode
Manifest Analysis (Static)
Test Results
Happy Path (3/5 passed)
Purpose declared 10/10
Input schema defined 0/10
Output schema defined 0/10
Dependencies declared 10/10
Version is semver 10/10
Edge Cases (3/3 passed)
Handles missing optionals 10/10
Manifest is valid JSON 10/10
Edge cases documented 10/10
Error Handling (2/2 passed)
Failure modes declared 10/10
Graceful degradation specified 10/10
Live Testing Results
100/100
Clean text 46ms
Prompt injection 63ms
Empty input 33ms
Happy path (generated) 52ms
Empty input handling 29ms
Maximum length input 43ms
Type mismatch handling 32ms
Missing field: text 47ms

Evaluated: 13 February 2026 · Evaluator: 1.0.0

⛓ Blockchain Attestation

Polygon Mainnet
Verified
Attestation UID 0x55c1088c63eedff151...8586b010
Transaction 0x3a516925a3e033cc3d...c42d072e
Attested 13 February 2026
Chain Polygon PoS (Mainnet)

This certification is permanently recorded on the Polygon blockchain via the Ethereum Attestation Service. It cannot be modified or deleted. Verify independently ↗

Back to Skills Recertification Status