maestro

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs HTTP GET and POST requests to user-defined SYMPHONY_BASE_URL and BITCOIND_RPC_URL endpoints to retrieve blockchain state, address balances, and transaction counts.
  • [COMMAND_EXECUTION]: Orchestrates system calls to curl and jq through bash scripts to validate API liveness and parse block heights for freshness checks.
  • [PROMPT_INJECTION]: Ingests external JSON data from the Symphony API (Ingestion points: scripts/check-symphony-prereqs.sh line 19; Boundary markers: None; Capability inventory: process:spawn, http:outbound; Sanitization: None). While this constitutes a potential indirect prompt injection surface, the behavior is localized to parsing blockchain heights and is standard for the skill's operational purpose.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 08:18 PM