Trust Score & Risk Levels
Trust Score Calculation
Formula
Trust Score = 100
- (CRITICAL_findings × 25)
- (HIGH_findings × 15)
- (MEDIUM_findings × 5)
- (LOW_findings × 1)
- (40 if honeypot accessed)
- min(25, Undeclared_network count × 10)
- min(20, Sensitive_file_access count × 5)
- min(15, Blocked_syscalls count × 3)
Result clamped to [0, 100]
Starting Point: 100 (perfect trust)
Method: Deductive - subtract points for findings
Important: Findings marked meta_false_positive: true are SKIPPED!
| Finding Type | Deduction | Rationale |
|---|---|---|
| CRITICAL finding | -25 | Immediate exploit, significant impact |
| HIGH finding | -15 | Serious risk requiring immediate attention |
| MEDIUM finding | -5 | Security concern requiring review |
| LOW finding | -1 | Minor issue, informational |
| Honeypot accessed | -40 | Credential theft attempt detected |
| Undeclared network | -10 each (max -25) | Network call not in manifest |
| Sensitive file access | -5 each (max -20) | Credential file access |
| Blocked syscall | -3 each (max -15) | Dangerous system calls |
Risk Level Determination
Risk levels are determined solely by trust score thresholds:
- LOW (80-100): No CRITICAL or HIGH findings. Safe to use.
- MEDIUM (60-79): May have MEDIUM findings. Review before use.
- HIGH (40-59): Has HIGH findings or multiple MEDIUM. Fix required.
- CRITICAL (0-39): Has CRITICAL findings. Do not deploy.
Example Calculations
Safe Skill
Findings: None
Calculation: 100 - 0 = 100
Trust Score: 100
Risk Level: low
Minor Issues
Findings: 1 MEDIUM, 2 LOW
Calculation: 100 - (1 × 5) - (2 × 1) = 93
Trust Score: 93
Risk Level: low
Critical Threats
Findings: 2 CRITICAL, 1 HIGH
Calculation: 100 - (2 × 25) - (1 × 15) = 35
Trust Score: 35
Risk Level: critical
Multi-Stage Attack
Findings: 1 CRITICAL, 2 HIGH, Honeypot triggered
Calculation: 100 - 25 - (2 × 15) - 40 = 5
Trust Score: 5
Risk Level: critical
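The deduction table and thresholds above, written out as a runnable sketch that also covers the per-category caps, the meta_false_positive skip and the [0, 100] clamp. This is an added example, not the project's own code; the function names, the keyword names for the behaviour counts and the shape of a finding (a dict with a "severity" key) are assumptions.

```python
# Added example: names and input shapes are assumptions, not the project's API.

SEVERITY_DEDUCTION = {"CRITICAL": 25, "HIGH": 15, "MEDIUM": 5, "LOW": 1}
HONEYPOT_DEDUCTION = 40
# behaviour signal -> (points per occurrence, cap on the total deduction)
CAPPED_DEDUCTION = {
    "undeclared_network": (10, 25),
    "sensitive_file_access": (5, 20),
    "blocked_syscalls": (3, 15),
}


def trust_score(findings, honeypot_accessed=False, **counts):
    """Return the 0-100 trust score for one scan.

    findings: list of dicts with a "severity" key and an optional
    "meta_false_positive" flag (flagged findings are skipped).
    counts: occurrence counts keyed by the names in CAPPED_DEDUCTION.
    """
    unknown = set(counts) - set(CAPPED_DEDUCTION)
    if unknown:
        raise ValueError(f"unknown behaviour signal(s): {sorted(unknown)}")
    score = 100
    for finding in findings:
        if finding.get("meta_false_positive"):
            continue  # marked as a false positive: no deduction
        score -= SEVERITY_DEDUCTION[finding["severity"].upper()]
    if honeypot_accessed:
        score -= HONEYPOT_DEDUCTION
    for name, count in counts.items():
        per_item, cap = CAPPED_DEDUCTION[name]
        score -= min(cap, max(count, 0) * per_item)
    return max(0, min(100, score))


def risk_level(score):
    """Map a trust score to a risk level using the thresholds only."""
    if score >= 80:
        return "low"
    if score >= 60:
        return "medium"
    if score >= 40:
        return "high"
    return "critical"


def findings_of(**by_severity):
    """Build a constructed findings list, e.g. findings_of(HIGH=2)."""
    return [{"severity": s} for s, n in by_severity.items() for _ in range(n)]
```

Because the level comes from the thresholds alone, a single HIGH finding scores 85 and maps to low.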