{"eval":{"version":"openagentskill-skill-eval-v1","slug":"trufflesecurity-force-push-scanner","name":"Force Push Scanner","generated_at":"2026-07-03T23:02:08.839Z","task_input":"Evaluate Force Push Scanner before installing it in an AI agent workflow","status":"review","score":68,"risk_level":"medium","decision":{"recommendation":"manual_review","reason":"Test manually in an isolated workspace and compare against safer alternatives.","auto_install_allowed":false,"policy":"review","human_review_required":true},"task_fit":{"score":94,"suited_tasks":["Security and compliance workflows","Claude Code teams","builders willing to evaluate younger projects","Inspect risky files","Prioritize findings","Explain remediation steps","Inspect source files","Explain architecture"],"suited_agents":["Python","Security","Codex","Claude Code","Cursor","OpenAgentSkill CLI","CLI"]},"install":{"command":"npx skills add trufflesecurity/force-push-scanner","ready":true,"policy":"review","safety_label":"Avoid automatic install","targets":[{"id":"openagentskill-cli","label":"CLI","kind":"command","value":"npx skills add trufflesecurity/force-push-scanner"},{"id":"codex","label":"Codex","kind":"agent-prompt","value":"Install the \"Force Push Scanner\" agent skill from https://github.com/trufflesecurity/force-push-scanner. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Scan for secrets in dangling commits on GitHub using GH Archive data."},{"id":"claude-code","label":"Claude Code","kind":"agent-prompt","value":"Add \"Force Push Scanner\" as a Claude Code skill from https://github.com/trufflesecurity/force-push-scanner. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Scan for secrets in dangling commits on GitHub using GH Archive data."},{"id":"cursor","label":"Cursor","kind":"agent-prompt","value":"Turn \"Force Push Scanner\" from https://github.com/trufflesecurity/force-push-scanner into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Scan for secrets in dangling commits on GitHub using GH Archive data."}]},"trust":{"score":72,"label":"Strong shortlist","version":"trust-score-v4","evidence":{"stars":"479 GitHub stars","repoActivity":"479 stars, 38 forks","lastPushed":"1y since push","license":"AGPL-3.0","repository":"https://github.com/trufflesecurity/force-push-scanner","install":"npx skills add trufflesecurity/force-push-scanner","installSafety":"standard package or runtime install path","permissionSurface":"secrets or environment access, filesystem or document access","documentation":"Usable metadata, review docs","agentOutcomes":"No agent outcome data yet"}},"audit":{"score":73,"risk_level":"needs_review","risk_label":"Needs review","warnings":["Permission surface may require sandboxing","Quality score needs review","Permission surface needs review: secrets or environment access, filesystem or document access","Stars/forks activity: 479 stars, 38 forks; issue activity unavailable in current metadata","Permission surface: secrets or environment access, filesystem or document access"]},"safety_gate":{"score":45,"tier":"experimental","label":"Experimental","auto_install_policy":"review","blocked":false,"permission_hints":[{"id":"network","label":"Network access","reason":"Skill likely fetches remote pages, APIs, repositories, or external services.","severity":"medium"},{"id":"filesystem","label":"Filesystem access","reason":"Skill may read or write project files, documents, generated artifacts, or local workspace state.","severity":"medium"},{"id":"secrets","label":"Secrets or environment access","reason":"Skill metadata references credentials, tokens, environment variables, or secret-bearing workflows.","severity":"high"}],"policy_warnings":["High-risk permission hints: Secrets or environment access","Permission surface may require sandboxing"]},"checks":[{"id":"task_fit","label":"Task fit","status":"pass","score":94,"required_for_auto_install":true,"detail":"Task wording matches this skill metadata.","evidence":["Evaluate Force Push Scanner before installing it in an AI agent workflow","security","Security and compliance workflows; Claude Code teams; builders willing to evaluate younger projects"]},{"id":"install_path","label":"Install path","status":"pass","score":92,"required_for_auto_install":true,"detail":"Install handoff is available.","evidence":["npx skills add trufflesecurity/force-push-scanner"]},{"id":"install_safety","label":"Install command safety","status":"pass","score":92,"required_for_auto_install":true,"detail":"standard package or runtime install path","evidence":["npx skills add trufflesecurity/force-push-scanner"]},{"id":"trust_score","label":"Trust score","status":"warn","score":72,"required_for_auto_install":true,"detail":"Good trust signals with a few areas worth checking before rollout.","evidence":["Strong shortlist","479 GitHub stars","AGPL-3.0"]},{"id":"audit_score","label":"Audit score","status":"warn","score":73,"required_for_auto_install":true,"detail":"Needs review","evidence":["Permission surface may require sandboxing"]},{"id":"agent_safety_gate","label":"Agent safety gate","status":"warn","score":45,"required_for_auto_install":true,"detail":"Sparse or mixed signals. Useful for discovery, but not for autonomous installation.","evidence":["Test manually in an isolated workspace and compare against safer alternatives.","High-risk permission hints: Secrets or environment access"]},{"id":"readme_skillmd_completeness","label":"README/SKILL.md completeness","status":"warn","score":74,"required_for_auto_install":false,"detail":"Public metadata needs stronger README/SKILL.md context","evidence":["Usable metadata, review docs"]},{"id":"license_clarity","label":"License clarity","status":"pass","score":86,"required_for_auto_install":true,"detail":"AGPL-3.0","evidence":["AGPL-3.0"]},{"id":"recent_maintenance","label":"Recent maintenance","status":"warn","score":62,"required_for_auto_install":false,"detail":"1y since push","evidence":["1y since push"]},{"id":"permission_surface","label":"Permission surface","status":"warn","score":60,"required_for_auto_install":true,"detail":"secrets or environment access, filesystem or document access","evidence":["Network access: medium","Filesystem access: medium","Secrets or environment access: high"]},{"id":"alternatives","label":"Alternatives available","status":"pass","score":82,"required_for_auto_install":false,"detail":"Alternative skills are available for comparison.","evidence":["soxoj-maigret","projectdiscovery-nuclei","infisical-infisical","wazuh-wazuh"]}],"blockers":[],"warnings":["Trust score: Good trust signals with a few areas worth checking before rollout.","Audit score: Needs review","Agent safety gate: Sparse or mixed signals. Useful for discovery, but not for autonomous installation.","README/SKILL.md completeness: Public metadata needs stronger README/SKILL.md context","Recent maintenance: 1y since push","Permission surface: secrets or environment access, filesystem or document access","High-risk permission hints: Secrets or environment access","Permission surface may require sandboxing","Quality score needs review","Permission surface needs review: secrets or environment access, filesystem or document access","Stars/forks activity: 479 stars, 38 forks; issue activity unavailable in current metadata"],"validation_plan":["Inspect repository, README/SKILL.md, license, and recent commits before production use.","Install in an isolated workspace or sandbox with no production secrets available.","Run the smallest representative task and record files touched, commands run, network access, and outputs.","Compare the selected skill against at least one alternative when the eval status is review or failed.","Promote only after the agent reports a successful verification result and unresolved warnings are accepted."],"do_not_use_when":["teams that need a vendor-supported SLA","high-compliance environments without internal security review","No major risk signals from current metadata","High-risk permission hints: Secrets or environment access","Permission surface may require sandboxing","Quality score needs review","Permission surface needs review: secrets or environment access, filesystem or document access","Stars/forks activity: 479 stars, 38 forks; issue activity unavailable in current metadata"],"alternatives":[{"slug":"soxoj-maigret","name":"Maigret","url":"https://www.openagentskill.com/skills/soxoj-maigret","stars":32920,"install_command":"npx skills add soxoj/maigret","trust_score":88,"audit_score":92},{"slug":"projectdiscovery-nuclei","name":"Nuclei","url":"https://www.openagentskill.com/skills/projectdiscovery-nuclei","stars":29159,"install_command":"npx skills add projectdiscovery/nuclei","trust_score":93,"audit_score":95},{"slug":"infisical-infisical","name":"Infisical","url":"https://www.openagentskill.com/skills/infisical-infisical","stars":27445,"install_command":"npx skills add Infisical/infisical","trust_score":83,"audit_score":89},{"slug":"wazuh-wazuh","name":"Wazuh","url":"https://www.openagentskill.com/skills/wazuh-wazuh","stars":15852,"install_command":"npx skills add wazuh/wazuh","trust_score":89,"audit_score":92}],"machine_metadata":{"version":"openagentskill-agent-metadata-v2","skill":{"slug":"trufflesecurity-force-push-scanner","name":"Force Push Scanner","description":"Scan for secrets in dangling commits on GitHub using GH Archive data.","category":"security","url":"https://www.openagentskill.com/skills/trufflesecurity-force-push-scanner","repository":"https://github.com/trufflesecurity/force-push-scanner","github_repo":"trufflesecurity/force-push-scanner"},"suited_tasks":["Security and compliance workflows","Claude Code teams","builders willing to evaluate younger projects","Inspect risky files","Prioritize findings","Explain remediation steps","Inspect source files","Explain architecture"],"suited_agents":["Python","Security","Codex","Claude Code","Cursor","OpenAgentSkill CLI","CLI"],"install":{"command":"npx skills add trufflesecurity/force-push-scanner","ready":true,"targets":[{"id":"openagentskill-cli","label":"CLI","kind":"command","value":"npx skills add trufflesecurity/force-push-scanner"},{"id":"codex","label":"Codex","kind":"agent-prompt","value":"Install the \"Force Push Scanner\" agent skill from https://github.com/trufflesecurity/force-push-scanner. Read its SKILL.md or equivalent instructions first, install only the files needed for this workspace, and summarize any required setup before using it. Skill purpose: Scan for secrets in dangling commits on GitHub using GH Archive data."},{"id":"claude-code","label":"Claude Code","kind":"agent-prompt","value":"Add \"Force Push Scanner\" as a Claude Code skill from https://github.com/trufflesecurity/force-push-scanner. Inspect the skill instructions, place the reusable skill files in the appropriate local skills location for this project, and report the activation steps. Skill purpose: Scan for secrets in dangling commits on GitHub using GH Archive data."},{"id":"cursor","label":"Cursor","kind":"agent-prompt","value":"Turn \"Force Push Scanner\" from https://github.com/trufflesecurity/force-push-scanner into a reusable Cursor project rule or agent instruction. Preserve the core workflow, adapt paths to this repo, and keep the rule scoped to tasks where it is relevant. Skill purpose: Scan for secrets in dangling commits on GitHub using GH Archive data."}],"handoff_url":"https://www.openagentskill.com/api/skills/trufflesecurity-force-push-scanner/install","manifest_url":"https://www.openagentskill.com/api/registry/manifest/trufflesecurity-force-push-scanner"},"trust":{"score":72,"label":"Strong shortlist","version":"trust-score-v4","install_policy":"human_review_before_install","evidence":{"stars":"479 GitHub stars","repoActivity":"479 stars, 38 forks","lastPushed":"1y since push","license":"AGPL-3.0","repository":"https://github.com/trufflesecurity/force-push-scanner","install":"npx skills add trufflesecurity/force-push-scanner","installSafety":"standard package or runtime install path","permissionSurface":"secrets or environment access, filesystem or document access","documentation":"Usable metadata, review docs","agentOutcomes":"No agent outcome data yet"},"outcome_evidence":{"total":0,"successes":0,"failures":0,"not_relevant":0,"success_rate":null,"recent_success_rate":null,"recent_failure_rate":null,"install_attempts":0,"install_success_rate":null,"risk_blocked":0,"setup_required":0,"avg_output_quality":null,"production_outcomes":0,"last_outcome_at":null,"label":"No agent outcome data yet"},"auto_install":{"allowed":false,"sandbox_required":true,"reason":"Human review or sandbox validation is required before automatic installation."},"best_for":["security","secret-scanning","dangling-commits","force-push","gharchive","secrets"],"known_risks":["Quality score needs review","Permission surface needs review: secrets or environment access, filesystem or document access","Stars/forks activity: 479 stars, 38 forks; issue activity unavailable in current metadata","Permission surface: secrets or environment access, filesystem or document access"]},"agent_proven":{"version":"agent-proven-v1","score":0,"tier":"unproven","label":"Needs first agent run","summary":"No agent outcome reports yet. Use Resolve, run one narrow sandbox task, then report the result.","metrics":{"totalOutcomes":0,"successfulOutcomes":0,"failedOutcomes":0,"installAttempts":0,"installSuccessRate":null,"successRate":null,"recentSuccessRate":null,"recentFailureRate":null,"riskBlocked":0,"setupRequired":0,"notRelevant":0,"avgOutputQuality":null,"avgTimeToUsefulMs":null,"productionOutcomes":0,"humanReviewRequired":0,"uniqueAgents":0,"lastOutcomeAt":null},"signals":[],"penalties":["No real agent outcome evidence yet"]},"audit":{"score":73,"risk_level":"needs_review","risk_label":"Needs review","warnings":["Permission surface may require sandboxing","Quality score needs review","Permission surface needs review: secrets or environment access, filesystem or document access","Stars/forks activity: 479 stars, 38 forks; issue activity unavailable in current metadata","Permission surface: secrets or environment access, filesystem or document access"]},"safety_gate":{"tier":"experimental","label":"Experimental","auto_install_policy":"review","auto_install_allowed":false,"human_review_required":true,"blocked":false,"recommended_action":"Test manually in an isolated workspace and compare against safer alternatives."},"quality":{"score":66,"label":"Promising"},"supply":{"track":"Coding and developer agents","scenario":"Coding agents","maintenance":"1y since push","risk":"Needs review"},"alternative_skills":[{"slug":"soxoj-maigret","name":"Maigret","url":"https://www.openagentskill.com/skills/soxoj-maigret","stars":32920,"install_command":"npx skills add soxoj/maigret","trust_score":88,"audit_score":92},{"slug":"projectdiscovery-nuclei","name":"Nuclei","url":"https://www.openagentskill.com/skills/projectdiscovery-nuclei","stars":29159,"install_command":"npx skills add projectdiscovery/nuclei","trust_score":93,"audit_score":95},{"slug":"infisical-infisical","name":"Infisical","url":"https://www.openagentskill.com/skills/infisical-infisical","stars":27445,"install_command":"npx skills add Infisical/infisical","trust_score":83,"audit_score":89},{"slug":"wazuh-wazuh","name":"Wazuh","url":"https://www.openagentskill.com/skills/wazuh-wazuh","stars":15852,"install_command":"npx skills add wazuh/wazuh","trust_score":89,"audit_score":92}],"do_not_use_when":["teams that need a vendor-supported SLA","high-compliance environments without internal security review","No major risk signals from current metadata","High-risk permission hints: Secrets or environment access","Permission surface may require sandboxing","Quality score needs review","Permission surface needs review: secrets or environment access, filesystem or document access","Stars/forks activity: 479 stars, 38 forks; issue activity unavailable in current metadata"],"agent_contract":{"task_input":"Evaluate Force Push Scanner before installing it in an AI agent workflow","recommended_action":"Test manually in an isolated workspace and compare against safer alternatives.","install_policy":"review","minimum_review_before_use":["Trust: 72/100 Strong shortlist","Audit: 73/100 Needs review","Safety: 45/100 Avoid automatic install","Review repository, license, install command, and permission surface before production use."],"expected_agent_output":{"selected_skill":"trufflesecurity-force-push-scanner (Force Push Scanner)","install_command":"npx skills add trufflesecurity/force-push-scanner","risk_summary":"Needs review; Experimental; Review before production","verification_result":"Report the smallest successful task, files touched, warnings, and any missing setup."}},"outcome_feedback":{"endpoint":"https://www.openagentskill.com/api/agent/outcome","method":"POST","requires_resolve_event_id":true,"event_id_source":"Use install_receipt.outcome_feedback.event_id or feedback.event_id returned by /api/agent/resolve for the current task.","expected_outcomes":["success","failed","not_relevant","blocked_by_risk","setup_required"],"payload_template":{"event_id":"<install_receipt.outcome_feedback.event_id or feedback.event_id from /api/agent/resolve>","skill_slug":"trufflesecurity-force-push-scanner","task":"Evaluate Force Push Scanner before installing it in an AI agent workflow","agent":"codex","outcome":"success","install_used":true,"risk_blocked":false,"setup_required":false,"task_success":true,"output_quality":4,"error_type":null,"human_review_required":false,"workspace":"sandbox","time_to_useful_ms":120000,"notes":"Report the smallest successful task, setup friction, files touched, and risk notes."}},"endpoints":{"web":"https://www.openagentskill.com/skills/trufflesecurity-force-push-scanner","api":"https://www.openagentskill.com/api/agent/skills/trufflesecurity-force-push-scanner","audit":"https://www.openagentskill.com/skills/trufflesecurity-force-push-scanner/audit","eval":"https://www.openagentskill.com/api/agent/evals?slug=trufflesecurity-force-push-scanner&task=Evaluate%20Force%20Push%20Scanner%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&max_risk=medium","resolve":"https://www.openagentskill.com/api/agent/resolve?task=Evaluate%20Force%20Push%20Scanner%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&agent=codex&max_risk=medium","receipt":"https://www.openagentskill.com/api/agent/receipt?task=Evaluate%20Force%20Push%20Scanner%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&agent=codex&max_risk=medium&format=text","install":"https://www.openagentskill.com/api/skills/trufflesecurity-force-push-scanner/install","manifest":"https://www.openagentskill.com/api/registry/manifest/trufflesecurity-force-push-scanner"}},"endpoints":{"web":"https://www.openagentskill.com/skills/trufflesecurity-force-push-scanner","api":"https://www.openagentskill.com/api/agent/skills/trufflesecurity-force-push-scanner","eval":"https://www.openagentskill.com/api/agent/evals?slug=trufflesecurity-force-push-scanner","audit":"https://www.openagentskill.com/skills/trufflesecurity-force-push-scanner/audit","resolve":"https://www.openagentskill.com/api/agent/resolve?task=Evaluate%20Force%20Push%20Scanner%20before%20installing%20it%20in%20an%20AI%20agent%20workflow&agent=codex&max_risk=medium"}},"meta":{"endpoint":"/api/agent/evals","mode":"skill_eval","purpose":"Pre-install eval contract for a single skill. Agents should read this before installing a reusable skill.","generated_at":"2026-07-03T23:02:08.839Z"}}