controller-cli
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the official installation script for the Cartridge Controller CLI.
- Evidence: The
SKILL.mdfile contains instructions to download the installer fromhttps://raw.githubusercontent.com/cartridge-gg/controller-cli/main/install.sh. - [REMOTE_CODE_EXECUTION]: The skill instructs the user/agent to execute a remote script via pipe to bash, which is the official installation method for the vendor tool.
- Evidence:
curl -fsSL https://raw.githubusercontent.com/cartridge-gg/controller-cli/main/install.sh | bashinSKILL.md. - [COMMAND_EXECUTION]: The
controller_safe.pyscript executes thecontrollerbinary using system calls. - Evidence: Uses
subprocess.run(["controller", subcmd, *args], ...)which safely handles arguments as a list, preventing shell injection. - [PROMPT_INJECTION]: The skill processes blockchain data and CLI outputs that could theoretically contain indirect instructions.
- Ingestion points:
scripts/controller_safe.pyingests and parses the stdout of thecontrollerCLI tool. - Boundary markers: The skill enforces
--jsonto ensure structured data parsing, though it does not use explicit NL delimiters. - Capability inventory: The skill has the capability to execute shell commands (Bash) and initiate blockchain transactions.
- Sanitization: The script
scripts/controller_safe.pyvalidates that output is valid JSON and checks for specificerror_codefields before proceeding. Thescripts/validate_hex_address.pyscript ensures contract addresses follow a strict hex format.
Audit Metadata