turbo-transforms
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill references the use of the
goldskyCLI for pipeline validation and data inspection (e.g.,goldsky turbo validateandgoldsky turbo inspect). These commands are standard tools provided by the vendor for developers. - [EXTERNAL_DOWNLOADS]: The
fetch_abifunction allows the pipeline to download ABI and IDL definitions from remote URLs at runtime. This is a core requirement for decoding blockchain event logs and instructions. - [DATA_EXFILTRATION]: The
handlertransform type enables sending pipeline records to external HTTP endpoints for enrichment. This involves outbound network communication with user-defined services. - [CREDENTIALS_UNSAFE]: The skill uses the
secret_nameparameter to reference credentials for database sinks and HTTP handlers. This practice promotes the use of the platform's secret management system instead of hardcoding sensitive information. - [REMOTE_CODE_EXECUTION]: The
type: scripttransform allows the execution of custom TypeScript logic within a WASM-based sandbox. The environment is restricted, with no access to the network or external imports. - [PROMPT_INJECTION]: The skill processes untrusted data from blockchain sources (logs and transactions). It mitigates potential indirect injection risks by using structured decoding with ABIs and IDLs.
- Ingestion points: Raw blockchain data sources such as
base.logsandsolana.transactions_with_instructions. - Boundary markers: The system uses structured schema definitions (ABIs/IDLs) which act as a validation layer for incoming data.
- Capability inventory: The skill facilitates CLI execution, network fetching, and sandboxed scripting.
- Sanitization: Decoding functions like
_gs_log_decodeenforce schema validation on the processed data.
Audit Metadata