cardano-protocol-params
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The script `scripts/cardano-cli.sh` is configured to pull and run the Docker image `ghcr.io/intersectmbo/cardano-node:latest` by default. While this is the standard repository for Cardano community-maintained tools, the organization `intersectmbo` is not on the predefined list of trusted GitHub organizations.
- COMMAND_EXECUTION (LOW): The skill requests and uses the `Bash` tool to execute `cardano-cli` and `docker`. The wrapper script passes all user-provided arguments directly to the executable via `exec`. This is standard for a CLI wrapper but grants the agent command execution capabilities within the scope of the tool.
- INDIRECT_PROMPT_INJECTION (LOW): The skill ingests data from external sources (Cardano node query results and local JSON files) which are then processed by tools like `jq`.
  - Ingestion points: Local file `pparams.json` and direct output from `cardano-cli query` commands.
  - Boundary markers: None used. The skill treats the output of the CLI and contents of the files as trusted data.
  - Capability inventory: The skill has file-read, file-write (outputting `pparams.json`), and arbitrary `cardano-cli` command execution.
  - Sanitization: No sanitization or validation is performed on the protocol parameter data before it is presented to the agent or processed.
Audit Metadata