stacking-delegation

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The install-packs command executes bun add commander to install the required CLI dependency. The command is static and does not accept user-supplied arguments, preventing command injection.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the Hiro API (api.hiro.so), which is a well-known service for the Stacks ecosystem, to retrieve stacking and reward data.
  • [PROMPT_INJECTION]: The skill processes external data from the Hiro API which is then presented to the agent.
    • Ingestion points: Data enters the agent's context through the Hiro API in stacking-delegation.ts.
    • Boundary markers: No explicit markers are used to delimit the external data.
    • Capability inventory: The skill can execute shell commands via Bun.spawnSync for package installation.
    • Sanitization: The skill parses API responses as JSON and performs numeric conversions before reporting values.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 03:03 PM