Skills
skills/newmanxbt/sealevel-guard/sealevel-guard-review/Gen Agent Trust Hub

sealevel-guard-review

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads verified build metadata from verify.osec.io (OtterSec) and source code archives from codeload.github.com (GitHub). These sources are well-known and reputable services in the blockchain and developer communities.
  • [COMMAND_EXECUTION]: Employs standard system tools including curl for fetching data, tar for extracting archives, and find for navigating source directories. It also invokes the codex CLI tool to run AI-based analysis modules. These commands are necessary for the skill's intended audit functionality.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted source code from external programs.
  • Ingestion points: Data enters via resolve-program-address.mjs (GitHub downloads) and review-program.mjs (local file paths).
  • Boundary markers: The run-specialists.mjs script lacks explicit delimiters or instructions to ignore embedded commands when passing code bundles to specialists.
  • Capability inventory: The skill uses execFileSync and spawnSync for system operations across all scripts including scripts/resolve-program-address.mjs and scripts/review-program.mjs.
  • Sanitization: No sanitization or validation is performed on the content of the ingested source files before they are bundled and processed by the AI.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 06:44 AM