turbo-builder
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the local environment using the vendor's official CLI tool (
goldsky). It executes commands to manage the development lifecycle of data pipelines: goldsky project list: Used to verify authentication status and identify the active project context.goldsky secret list: Used to check for the existence of required credentials before configuring database sinks.goldsky turbo validate: Validates the generated YAML configuration files locally before deployment.goldsky turbo apply: Deploys the finalized pipeline configuration to the Goldsky infrastructure.goldsky turbo listandgoldsky turbo inspect: Used to monitor and verify the status of deployed pipelines.- [DATA_EXPOSURE]: The skill accesses sensitive information by listing project secrets (
goldsky secret list). This behavior is restricted to verifying that necessary sink credentials (e.g., for PostgreSQL or ClickHouse) are available, which is a required step for the skill's primary purpose of pipeline construction. - [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided descriptions to generate configuration files and SQL transforms. It implements clear boundary markers through its step-by-step workflow and provides a validation step (
goldsky turbo validate) to ensure the integrity of the generated configuration before any deployment action is taken.
Audit Metadata