compose

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches an installation script from the vendor's official domain (goldsky.com).
  • [REMOTE_CODE_EXECUTION]: Executes a remote script via curl https://goldsky.com | sh to install the vendor's CLI tool, following the official product documentation.
  • [COMMAND_EXECUTION]: Utilizes the goldsky CLI tool for application lifecycle management, including initialization, local development, and deployment.
  • [PROMPT_INJECTION]: The skill ingests user-provided manifests and source code, creating a surface for indirect prompt injection.
    • Ingestion points: Manifest files (compose.yaml), TypeScript task files (src/tasks/*.ts), and contract ABI JSON files referenced in SKILL.md.
    • Boundary markers: Absent in the provided instructions.
    • Capability inventory: Shell command execution via the goldsky CLI tool documented in SKILL.md.
    • Sanitization: No explicit validation or sanitization mechanisms for the external files are mentioned in the skill.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 30, 2026, 09:37 PM