pg-setup
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages Solana keypairs at `~/.config/solana/id.json` and `~/.proxygate/keypair.json`. These files contain private keys providing full control over cryptocurrency funds and identity.
- [EXTERNAL_DOWNLOADS]: The skill performs global installation of the `@proxygate/cli` package from the npm registry and downloads additional functional components from the ProxyGate gateway.
- [REMOTE_CODE_EXECUTION]: The `proxygate skills install` command downloads and installs new code into the agent's skills directory. It also registers a `SessionStart` hook, establishing a persistence mechanism that executes code automatically at the beginning of each agent session.
- [COMMAND_EXECUTION]: Multiple shell commands are executed to check system versions, generate cryptographic keys using `solana-keygen`, and configure CLI settings.
- [DATA_EXFILTRATION]: The CLI communicates with an external gateway at `https://gateway.proxygate.ai`. This is functional for the service but involves transmitting transaction-related metadata and requires the agent to handle sensitive wallet configuration.
- [PROMPT_INJECTION]: The skill processes untrusted data from API listings and documentation (ingestion points: `proxygate apis` and `proxygate listings docs` in `references/commands.md`). No boundary markers or sanitization processes are defined. Given the skill's capabilities (capability inventory: `proxygate` CLI execution, `solana-keygen`, and file system access), this creates an attack surface for indirect prompt injection.
Audit Metadata