cardano-cli-plutus-scripts-operator

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION] (MEDIUM): The workflow references payment.skey, a Cardano signing key. Accessing private keys is a high-risk operation. The severity is downgraded from HIGH to MEDIUM because this access is fundamental to the skill's primary purpose of signing transactions.
  • [COMMAND_EXECUTION] (SAFE): The skill utilizes cardano-cli, cat, and jq to construct and submit blockchain transactions. These tools are necessary for the skill's functionality and are used within a structured manual workflow with explicit human confirmation required.
  • [INDIRECT_PROMPT_INJECTION] (LOW): Vulnerability surface detected.
      • Ingestion points: Files like redeemer.json, script.plutus, and cost.json are read into the environment.
      • Boundary markers: Absent; there are no specific markers separating untrusted data from the command context.
      • Capability inventory: Full access to cardano-cli transaction building and submission commands.
      • Sanitization: No input validation or sanitization is performed on the JSON content before it is passed to the CLI.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:13 PM