Skills
skills/jettyio/agent-skill/jetty-setup/Gen Agent Trust Hub

jetty-setup

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute curl for interacting with vendor APIs and python3 for parsing JSON response data.
  • [CREDENTIALS_UNSAFE]: The skill manages sensitive API keys for Jetty and AI providers (OpenAI/Gemini).
  • It stores the Jetty API token in a local CLAUDE.md file for use in subsequent sessions.
  • It transmits provider API keys to Jetty's servers at dock.jetty.io to store them in collection environment variables.
  • [EXTERNAL_DOWNLOADS]: The skill fetches a generated image from the flows-api.jetty.io API and saves it to the local project directory.
  • [PROMPT_INJECTION]: The skill processes data from external sources that could potentially contain malicious instructions.
  • Ingestion points: Reads tokens from the local CLAUDE.md file and status data from the Jetty API.
  • Boundary markers: No specific delimiters or "ignore previous instruction" warnings are used when interpolating these values.
  • Capability inventory: The skill possesses Bash (network and command execution) and Write (filesystem access) capabilities.
  • Sanitization: The skill employs Python's json module to parse structured data from API responses, which helps prevent direct execution of malicious payloads embedded in strings.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 02:03 AM