sablier-create-vesting

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [SAFE]: No malicious patterns or security risks were identified. The skill correctly prioritizes secure wallet interaction methods and incorporates human-in-the-loop safeguards.
  • [COMMAND_EXECUTION]: The skill constructs shell commands using cast and jq to perform onchain operations and data parsing. These are legitimate utilities used as intended for blockchain state management.
  • [EXTERNAL_DOWNLOADS]: The skill references official Sablier documentation and suggests installing supplementary verified skills from the sablier-labs GitHub organization using npx, which is an expected workflow within the vendor's ecosystem.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it processes user-provided inputs such as token addresses and schedule details.
      (1) Ingestion points: chain_name, vested_token_address, and vesting_details (SKILL.md).
      (2) Boundary markers: Absent.
      (3) Capability inventory: Subprocess execution via cast send (references/cli.md).
      (4) Sanitization: Absent; the skill mitigates this risk by requiring human-readable previews and mandatory user confirmation before any transaction is broadcast.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 11:17 AM