mesh-core-cst
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill documentation instructs users to install
@meshsdk/core-cstand@meshsdk/corevia npm. These packages originate from an organization not present on the trusted GitHub organizations list. This is flagged as a minor concern as it is the primary purpose of the skill. - PROMPT_INJECTION (SAFE): No evidence of prompt injection patterns, bypass markers, or instructions to ignore safety protocols was found.
- CREDENTIALS_UNSAFE (SAFE): The skill contains examples for handling private keys and signatures but does not include any hardcoded credentials, API keys, or secrets. All examples use standard placeholders.
- DATA_EXFILTRATION (SAFE): There are no patterns of unauthorized data access, sensitive file reads, or network exfiltration.
- REMOTE_CODE_EXECUTION (SAFE): No scripts or instructions for downloading and executing remote code (e.g., piped bash scripts) were identified.
- NO_CODE (SAFE): The skill consists entirely of markdown documentation and code snippets for reference; it does not include executable logic for the AI agent to run autonomously.
Audit Metadata