cardano-cli-doctor
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): Metadata requests installation of system utilities (curl, docker, colima) via Homebrew which requires elevated privileges.
- REMOTE_CODE_EXECUTION (MEDIUM): scripts/cardano-cli.sh pulls and executes the ghcr.io/intersectmbo/cardano-node image. While this is the official Cardano repository, the organization is not on the trusted whitelist.
- COMMAND_EXECUTION (MEDIUM): Wrapper scripts enable the agent to run arbitrary cardano-cli commands using pass-through arguments ($@), providing a significant execution capability.
- DATA_EXFILTRATION (LOW): The Docker wrapper mounts the current working directory ($PWD) and node socket directories into the container, allowing for potential file exposure or manipulation.
- PROMPT_INJECTION (MEDIUM): The skill ingests un-sanitized output from command help text and version info into the agent context (SKILL.md context and scripts/cardano-cli-doctor.sh). Evidence: 1. Ingestion point: cardano-cli help output; 2. Boundary markers: Absent; 3. Capability inventory: Bash execution; 4. Sanitization: Absent.
Audit Metadata