Skills
skills/proxygate-official/proxygate/pg-buy/Gen Agent Trust Hub

pg-buy

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from external API responses and streaming Server-Sent Events (SSE).
  • Ingestion points: API responses returned by the proxygate proxy command and client.proxy SDK method.
  • Boundary markers: No explicit delimiters or isolation instructions for upstream content are present.
  • Capability inventory: The skill can execute proxygate CLI commands, sign Solana transactions, and read the local filesystem.
  • Sanitization: No sanitization or validation of the upstream API content is documented.
  • [CREDENTIALS_UNSAFE]: The skill accesses the Solana wallet keypair file located at ~/.proxygate/keypair.json. This file contains the private key used for authorizing financial transactions on the Solana network.
  • [COMMAND_EXECUTION]: The skill invokes the proxygate CLI to perform operations such as managing balances, depositing funds, and initiating proxy requests.
  • [EXTERNAL_DOWNLOADS]: The programmatic implementation utilizes the @proxygate/sdk Node.js package for interaction with the ProxyGate infrastructure.
  • [DATA_EXFILTRATION]: The skill transmits request data and receives responses from the ProxyGate gateway at https://gateway.proxygate.ai.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 21, 2026, 09:49 PM