{"eval":{"version":"openagentskill-skill-eval-v1","slug":"thoughtbot-top-secret","name":"Top Secret","generated_at":"2026-06-23T04:56:01.386Z","task_input":"Evaluate Top Secret before installing it in an AI agent workflow","status":"review","score":75,"risk_level":"medium","decision":{"recommendation":"manual_review","reason":"Test manually in an isolated workspace and compare against safer alternatives.","auto_install_allowed":false,"policy":"review","human_review_required":true},"task_fit":{"score":94,"suited_tasks":["Security and compliance workflows","Claude Code teams","builders willing to evaluate younger projects","Inspect risky files","Prioritize findings","Explain remediation steps","Extract obligations","Highlight risky clauses"],"suited_agents":["Ruby","Privacy","Codex","Claude Code","Cursor","OpenAgentSkill CLI","CLI"]},"install":{"command":"npx skills add thoughtbot/top_secret","ready":true,"policy":"review","safety_label":"Avoid automatic install","targets":[{"id":"openagentskill-cli","label":"CLI","kind":"command","value":"npx skills add thoughtbot/top_secret"},{"id":"codex","label":"Codex","kind":"agent-prompt","value":"Install the \"Top Secret\" agent skill from https://github.com/thoughtbot/top_secret. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Filter sensitive information from free text before sending it to external services or APIs, such as chatbots and LLMs."},{"id":"claude-code","label":"Claude Code","kind":"agent-prompt","value":"Add \"Top Secret\" as a Claude Code skill from https://github.com/thoughtbot/top_secret. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Filter sensitive information from free text before sending it to external services or APIs, such as chatbots and LLMs."},{"id":"cursor","label":"Cursor","kind":"agent-prompt","value":"Turn \"Top Secret\" from https://github.com/thoughtbot/top_secret into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Filter sensitive information from free text before sending it to external services or APIs, such as chatbots and LLMs."}]},"trust":{"score":78,"label":"Strong shortlist","version":"trust-score-v4","evidence":{"stars":"405 GitHub stars","repoActivity":"405 stars, 11 forks","lastPushed":"1mo since push","license":"MIT","repository":"https://github.com/thoughtbot/top_secret","install":"npx skills add thoughtbot/top_secret","installSafety":"standard package or runtime install path","permissionSurface":"secrets or environment access, filesystem or document access","documentation":"Strong README/SKILL.md context","agentOutcomes":"No agent outcome data yet"}},"audit":{"score":82,"risk_level":"needs_review","risk_label":"Needs review","warnings":["Permission surface may require sandboxing","Quality score needs review","Permission surface needs review: secrets or environment access, filesystem or document access","Stars/forks activity: 405 stars, 11 forks; issue activity unavailable in current metadata","Permission surface: secrets or environment access, filesystem or document access"]},"safety_gate":{"score":54,"tier":"experimental","label":"Experimental","auto_install_policy":"review","blocked":false,"permission_hints":[{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"},{"id":"secrets","label":"Secrets or environment access","reason":"Skill metadata references credentials, tokens, environment variables, or secret-bearing workflows.","severity":"high"}],"policy_warnings":["High-risk permission hints: Secrets or environment access","Permission surface may require sandboxing"]},"checks":[{"id":"task_fit","label":"Task fit","status":"pass","score":94,"required_for_auto_install":true,"detail":"Task wording matches this skill metadata.","evidence":["Evaluate Top Secret before installing it in an AI agent workflow","legal-compliance","Security and compliance workflows; Claude Code teams; builders willing to evaluate younger projects"]},{"id":"install_path","label":"Install path","status":"pass","score":92,"required_for_auto_install":true,"detail":"Install handoff is available.","evidence":["npx skills add thoughtbot/top_secret"]},{"id":"install_safety","label":"Install command safety","status":"pass","score":92,"required_for_auto_install":true,"detail":"standard package or runtime install path","evidence":["npx skills add thoughtbot/top_secret"]},{"id":"trust_score","label":"Trust score","status":"warn","score":78,"required_for_auto_install":true,"detail":"Good trust signals with a few areas worth checking before rollout.","evidence":["Strong shortlist","405 GitHub stars","MIT"]},{"id":"audit_score","label":"Audit score","status":"warn","score":82,"required_for_auto_install":true,"detail":"Needs review","evidence":["Permission surface may require sandboxing"]},{"id":"agent_safety_gate","label":"Agent safety gate","status":"warn","score":54,"required_for_auto_install":true,"detail":"Sparse or mixed signals. Useful for discovery, but not for autonomous installation.","evidence":["Test manually in an isolated workspace and compare against safer alternatives.","High-risk permission hints: Secrets or environment access"]},{"id":"readme_skillmd_completeness","label":"README/SKILL.md completeness","status":"pass","score":90,"required_for_auto_install":false,"detail":"Metadata includes enough usage and workflow context","evidence":["Strong README/SKILL.md context"]},{"id":"license_clarity","label":"License clarity","status":"pass","score":86,"required_for_auto_install":true,"detail":"MIT","evidence":["MIT"]},{"id":"recent_maintenance","label":"Recent maintenance","status":"pass","score":88,"required_for_auto_install":false,"detail":"1mo since push","evidence":["1mo since push"]},{"id":"permission_surface","label":"Permission surface","status":"warn","score":60,"required_for_auto_install":true,"detail":"secrets or environment access, filesystem or document access","evidence":["Network access: medium","Filesystem access: medium","Secrets or environment access: high"]},{"id":"alternatives","label":"Alternatives available","status":"pass","score":82,"required_for_auto_install":false,"detail":"Alternative skills are available for comparison.","evidence":["caddyserver-caddy","raphire-win11debloat","adguardteam-adguardhome","lissy93-web-check"]}],"blockers":[],"warnings":["Trust score: Good trust signals with a few areas worth checking before rollout.","Audit score: Needs review","Agent safety gate: Sparse or mixed signals. Useful for discovery, but not for autonomous installation.","Permission surface: secrets or environment access, filesystem or document access","High-risk permission hints: Secrets or environment access","Permission surface may require sandboxing","Quality score needs review","Permission surface needs review: secrets or environment access, filesystem or document access","Stars/forks activity: 405 stars, 11 forks; issue activity unavailable in current metadata"],"validation_plan":["Inspect repository, README/SKILL.md, license, and recent commits before production use.","Install in an isolated workspace or sandbox with no production secrets available.","Run the smallest representative task and record files touched, commands run, network access, and outputs.","Compare the selected skill against at least one alternative when the eval status is review or failed.","Promote only after the agent reports a successful verification result and unresolved warnings are accepted."],"do_not_use_when":["teams that need a vendor-supported SLA","high-compliance environments without internal security review","No OpenAgentSkill engagement data yet","High-risk permission hints: Secrets or environment access","Permission surface may require sandboxing","Quality score needs review","Permission surface needs review: secrets or environment access, filesystem or document access","Stars/forks activity: 405 stars, 11 forks; issue activity unavailable in current metadata"],"alternatives":[{"slug":"caddyserver-caddy","name":"Caddy","url":"https://www.openagentskill.com/skills/caddyserver-caddy","stars":73356,"install_command":"npx skills add caddyserver/caddy","trust_score":92,"audit_score":94},{"slug":"raphire-win11debloat","name":"Win11Debloat","url":"https://www.openagentskill.com/skills/raphire-win11debloat","stars":48230,"install_command":"npx skills add Raphire/Win11Debloat","trust_score":93,"audit_score":94},{"slug":"adguardteam-adguardhome","name":"AdGuardHome","url":"https://www.openagentskill.com/skills/adguardteam-adguardhome","stars":34876,"install_command":"npx skills add AdguardTeam/AdGuardHome","trust_score":92,"audit_score":94},{"slug":"lissy93-web-check","name":"Web Check","url":"https://www.openagentskill.com/skills/lissy93-web-check","stars":33714,"install_command":"npx skills add lissy93/web-check","trust_score":93,"audit_score":95}],"machine_metadata":{"version":"openagentskill-agent-metadata-v2","skill":{"slug":"thoughtbot-top-secret","name":"Top Secret","description":"Filter sensitive information from free text before sending it to external services or APIs, such as chatbots and LLMs.","category":"legal-compliance","url":"https://www.openagentskill.com/skills/thoughtbot-top-secret","repository":"https://github.com/thoughtbot/top_secret","github_repo":"thoughtbot/top_secret"},"suited_tasks":["Security and compliance workflows","Claude Code teams","builders willing to evaluate younger projects","Inspect risky files","Prioritize findings","Explain remediation steps","Extract obligations","Highlight risky clauses"],"suited_agents":["Ruby","Privacy","Codex","Claude Code","Cursor","OpenAgentSkill CLI","CLI"],"install":{"command":"npx skills add thoughtbot/top_secret","ready":true,"targets":[{"id":"openagentskill-cli","label":"CLI","kind":"command","value":"npx skills add thoughtbot/top_secret"},{"id":"codex","label":"Codex","kind":"agent-prompt","value":"Install the \"Top Secret\" agent skill from https://github.com/thoughtbot/top_secret. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Filter sensitive information from free text before sending it to external services or APIs, such as chatbots and LLMs."},{"id":"claude-code","label":"Claude Code","kind":"agent-prompt","value":"Add \"Top Secret\" as a Claude Code skill from https://github.com/thoughtbot/top_secret. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Filter sensitive information from free text before sending it to external services or APIs, such as chatbots and LLMs."},{"id":"cursor","label":"Cursor","kind":"agent-prompt","value":"Turn \"Top Secret\" from https://github.com/thoughtbot/top_secret into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Filter sensitive information from free text before sending it to external services or APIs, such as chatbots and LLMs."}],"handoff_url":"https://www.openagentskill.com/api/skills/thoughtbot-top-secret/install","manifest_url":"https://www.openagentskill.com/api/registry/manifest/thoughtbot-top-secret"},"trust":{"score":78,"label":"Strong shortlist","version":"trust-score-v4","install_policy":"human_review_before_install","evidence":{"stars":"405 GitHub stars","repoActivity":"405 stars, 11 forks","lastPushed":"1mo since push","license":"MIT","repository":"https://github.com/thoughtbot/top_secret","install":"npx skills add thoughtbot/top_secret","installSafety":"standard package or runtime install path","permissionSurface":"secrets or environment access, filesystem or document access","documentation":"Strong README/SKILL.md context","agentOutcomes":"No agent outcome data yet"},"outcome_evidence":{"total":0,"success_rate":null,"install_attempts":0,"risk_blocked":0,"setup_required":0,"label":"No agent outcome data yet"},"auto_install":{"allowed":false,"sandbox_required":true,"reason":"Human review or sandbox validation is required before automatic installation."},"best_for":["legal-compliance","privacy","compliance","anonymization","data-anonymization","data-obfuscation"],"known_risks":["Quality score needs review","Permission surface needs review: secrets or environment access, filesystem or document access","Stars/forks activity: 405 stars, 11 forks; issue activity unavailable in current metadata","Permission surface: secrets or environment access, filesystem or document access"]},"audit":{"score":82,"risk_level":"needs_review","risk_label":"Needs review","warnings":["Permission surface may require sandboxing","Quality score needs review","Permission surface needs review: secrets or environment access, filesystem or document access","Stars/forks activity: 405 stars, 11 forks; issue activity unavailable in current metadata","Permission surface: secrets or environment access, filesystem or document access"]},"safety_gate":{"tier":"experimental","label":"Experimental","auto_install_policy":"review","auto_install_allowed":false,"human_review_required":true,"blocked":false,"recommended_action":"Test manually in an isolated workspace and compare against safer alternatives."},"quality":{"score":77,"label":"Strong"},"supply":{"track":"Legal, policy, and compliance","scenario":"Security and compliance","maintenance":"1mo since push","risk":"Needs review"},"alternative_skills":[{"slug":"caddyserver-caddy","name":"Caddy","url":"https://www.openagentskill.com/skills/caddyserver-caddy","stars":73356,"install_command":"npx skills add caddyserver/caddy","trust_score":92,"audit_score":94},{"slug":"raphire-win11debloat","name":"Win11Debloat","url":"https://www.openagentskill.com/skills/raphire-win11debloat","stars":48230,"install_command":"npx skills add Raphire/Win11Debloat","trust_score":93,"audit_score":94},{"slug":"adguardteam-adguardhome","name":"AdGuardHome","url":"https://www.openagentskill.com/skills/adguardteam-adguardhome","stars":34876,"install_command":"npx skills add AdguardTeam/AdGuardHome","trust_score":92,"audit_score":94},{"slug":"lissy93-web-check","name":"Web Check","url":"https://www.openagentskill.com/skills/lissy93-web-check","stars":33714,"install_command":"npx skills add lissy93/web-check","trust_score":93,"audit_score":95}],"do_not_use_when":["teams that need a vendor-supported SLA","high-compliance environments without internal security review","No OpenAgentSkill engagement data yet","High-risk permission hints: Secrets or environment access","Permission surface may require sandboxing","Quality score needs review","Permission surface needs review: secrets or environment access, filesystem or document access","Stars/forks activity: 405 stars, 11 forks; issue activity unavailable in current metadata"],"agent_contract":{"task_input":"Evaluate Top Secret before installing it in an AI agent workflow","recommended_action":"Test manually in an isolated workspace and compare against safer alternatives.","install_policy":"review","minimum_review_before_use":["Trust: 78/100 Strong shortlist","Audit: 82/100 Needs review","Safety: 54/100 Avoid automatic install","Review repository, license, install command, and permission surface before production use."],"expected_agent_output":{"selected_skill":"thoughtbot-top-secret (Top Secret)","install_command":"npx skills add thoughtbot/top_secret","risk_summary":"Needs review; Experimental; Review before production","verification_result":"Report the smallest successful task, files touched, warnings, and any missing setup."}},"endpoints":{"web":"https://www.openagentskill.com/skills/thoughtbot-top-secret","api":"https://www.openagentskill.com/api/agent/skills/thoughtbot-top-secret","audit":"https://www.openagentskill.com/skills/thoughtbot-top-secret/audit","eval":"https://www.openagentskill.com/api/agent/evals?slug=thoughtbot-top-secret&task=Evaluate%20Top%20Secret%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&max_risk=medium","resolve":"https://www.openagentskill.com/api/agent/resolve?task=Evaluate%20Top%20Secret%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&agent=codex&max_risk=medium","install":"https://www.openagentskill.com/api/skills/thoughtbot-top-secret/install","manifest":"https://www.openagentskill.com/api/registry/manifest/thoughtbot-top-secret"}},"endpoints":{"web":"https://www.openagentskill.com/skills/thoughtbot-top-secret","api":"https://www.openagentskill.com/api/agent/skills/thoughtbot-top-secret","eval":"https://www.openagentskill.com/api/agent/evals?slug=thoughtbot-top-secret","audit":"https://www.openagentskill.com/skills/thoughtbot-top-secret/audit","resolve":"https://www.openagentskill.com/api/agent/resolve?task=Evaluate%20Top%20Secret%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&agent=codex&max_risk=medium"}},"meta":{"endpoint":"/api/agent/evals","mode":"skill_eval","purpose":"Pre-install eval contract for a single skill. Agents should read this before installing a reusable skill.","generated_at":"2026-06-23T04:56:01.386Z"}}