controller-native

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill implements a deep-link listener that processes external URL data, creating a surface for indirect prompt injection. Evidence: Ingestion point (event.url in Capacitor listener); Boundary markers (none in snippets); Capability inventory (blockchain transaction execution via session.executeFromOutside); Sanitization (none shown in integration code).
  • [EXTERNAL_DOWNLOADS] (LOW): The skill references and requires installation of external packages from the @cartridge and @capacitor scopes. These are necessary for the primary purpose of the skill but involve fetching code from non-whitelisted sources.
  • [SAFE] (SAFE): Automated scanner alerts for 'event.url.in' are false positives. The scanner misidentified the JavaScript code 'event.url.includes' as a malicious domain.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:33 PM