seed-grpc
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download the grpcurl utility from the official Fullstory repository on GitHub and the @seed-hypermedia/cli tool from the NPM registry. These are recognized developer tools or vendor-owned resources.
- [COMMAND_EXECUTION]: The skill uses shell commands to manage system dependencies via sudo (apt-get, dnf, pacman), install global Node.js packages (npm install -g), and execute local network operations using grpcurl and curl.
- [DATA_EXFILTRATION]: The skill's document reference format (seed-document-format.md) supports the file:// URI scheme, which allows the CLI to read local files and upload them to the Seed hypermedia network (IPFS). This capability poses a data exposure risk if the agent is directed to process documents referencing sensitive local system paths.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
- Ingestion points: It retrieves document content, metadata, and media from gRPC endpoints and the IPFS gateway, which may originate from untrusted external accounts.
- Boundary markers: No explicit delimiters or instructions are provided to help the agent distinguish between data content and control instructions.
- Capability inventory: The skill allows shell command execution (grpcurl, seed-cli, curl, npm), local file system writes via command output redirection, and file reading via the file:// scheme.
- Sanitization: The skill does not define any sanitization or validation mechanisms for data ingested from the Seed network before it is processed by the agent.
Audit Metadata