Super Agent Skill vs untested marketplace prompts
Prompt marketplaces have multiplied, but most are storefronts: listings, ratings, a buy button. Ratings measure whether buyers liked the output on a sunny day — not whether the prompt survives a hostile one. Here is what separates a tested skill registry from an untested prompt store.
Ratings are not security reviews
A five-star prompt can still be trivially injectable. Reviews are written by users running friendly inputs; attackers do not leave reviews. Marketplaces that rank purely on popularity systematically overweight demo quality and underweight robustness, because robustness is invisible until it fails.
Super Agent Skill publishes an adversarial pass rate for every skill, produced by an attacker LLM that actively attempts injection, exfiltration, and instruction-override attacks, scored by a judge LLM. That number is 45% of the Trust Score — the largest single component — precisely because it is the thing star ratings cannot see.
Tamper-evidence and re-testing
On an untested marketplace, the prompt you download today may differ from the one that earned its reviews, and nothing will tell you. Skills here are Ed25519-signed: content is cryptographically bound to the author, and any modification breaks verification. You can confirm this yourself, offline, with npm run trust:verify.
Testing is also not a one-time stamp. SkillForge re-runs adversarial evaluations over time, so scores reflect current behavior against current models. The Trust Score is a public, reproducible formula: adversarial test results count for 45%, real-world success telemetry for 20%, signing status for 10%, package age for 15%, and schema validity for 10%. Nothing is editorially assigned, and anyone can recompute a score offline with npm run trust:verify.
What this means for buyers
Instead of guessing from screenshots and testimonials, you compare skills on published, recomputable numbers: adversarial pass rate, real-world success telemetry, signing status, age, and schema validity. Install is a single MCP URL or an npx command, so trying the top two candidates side by side takes minutes.
The verdict
If a marketplace can't show you an adversarial pass rate and a signature, it is selling text files with a checkout flow. Demand testing you can verify.
Frequently asked questions
What does 'adversarial testing' actually involve?
An attacker LLM generates hostile inputs — prompt injection, jailbreak framing, data-exfiltration attempts — against the skill, and a judge LLM scores whether the skill held its constraints. The pass rate is published on the listing.
Can a skill's score go down after publication?
Yes. SkillForge re-tests skills over time, and the Trust Score reflects the latest results rather than the launch-day snapshot.
Why should I trust the Trust Score?
You don't have to take it on faith. The formula is public (adversarial 45%, real success 20%, signing 10%, age 15%, schema 10%) and npm run trust:verify recomputes it offline from the underlying data.
Every listing shows its Trust Score, adversarial pass rate, and Ed25519 signing status.
One URL installs the marketplace into any MCP-capable agent. No SDK, no migration.
Want to audit us? Run npm run trust:verify to recompute any Trust Score and verify signatures offline.