cardano-devnet-in-a-box
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill clones the 'cardano-scaling/hydra' repository at runtime. This organization is not included in the 'Trusted GitHub Organizations' list, making it an unverifiable external dependency.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill executes shell scripts ('prepare-devnet.sh', 'seed-devnet.sh') directly from the cloned external repository. This pattern allows for arbitrary code execution on the host or inside containers if the remote repository is compromised.
- [COMMAND_EXECUTION] (MEDIUM): The skill documentation and metadata describe operations using 'docker compose exec -u root' to gain administrative access and 'chmod a+w' to modify filesystem permissions, which are high-privilege operations.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill demonstrates a High Capability Tier vulnerability surface. Evidence: 1. Ingestion point: 'git clone' of the Hydra repository. 2. Boundary markers: None detected. 3. Capability inventory: Execution of external bash scripts and root-level Docker commands. 4. Sanitization: No validation or filtering of the external script content is performed before execution.
Recommendations
- AI detected serious security threats
Audit Metadata