subgraphs

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the CLI installation script from the official vendor domain (goldsky.com).
  • [REMOTE_CODE_EXECUTION]: Provides an installation command that pipes a remote script from the official vendor website directly to the shell (curl | sh).
  • [COMMAND_EXECUTION]: Contains numerous commands for the goldsky CLI to manage subgraphs, including initialization, deployment, log tailing, and webhook management.
  • [INDIRECT_PROMPT_INJECTION]: The skill describes commands that ingest data from external sources which could potentially contain malicious instructions.
      • Ingestion points: The goldsky subgraph deploy command in SKILL.md accepts data from external URLs (--from-url), IPFS hashes (--from-ipfs-hash), and local ABI files (--from-abi).
      • Boundary markers: No specific boundary markers or instruction-ignoring warnings are mentioned in the documentation for processed external data.
      • Capability inventory: The skill utilizes the goldsky CLI which has capabilities to write files, perform network operations, and modify subgraph configurations.
      • Sanitization: No sanitization or validation steps for external content are described in the provided documentation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 8, 2026, 11:54 AM