hydra-head-troubleshooter
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill references and executes the Docker image
ghcr.io/cardano-scaling/hydra-node. While this is the official image for the protocol, it represents a remote dependency pulled at runtime. - [COMMAND_EXECUTION] (LOW): The
scripts/hydra-node.shwrapper script usesexecto pass arguments directly to the container or local binary. This allows the agent to control CLI parameters, which is the intended purpose but grants broad tool access. - [DATA_EXPOSURE] (LOW): Troubleshooting steps involve operations on sensitive file paths such as
cardano.sk(private signing keys). The skill contains explicit instructions for the agent to avoid reading the actual key contents, which mitigates the risk of accidental exposure. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill is designed to process external data that could be controlled by an attacker if a node is compromised.
- Ingestion points: Node logs (
hydra-node.log) and API responses fromcurlcommands to local or peer health endpoints. - Boundary markers: None; the agent processes raw grep/curl output directly.
- Capability inventory: File system access, network requests via
curl, and Docker command execution. - Sanitization: No sanitization or escaping is performed on log entries before the agent interprets them.
Audit Metadata