build-data-pipeline
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes bash scripts in the preamble and post-amble to manage local state, track session duration, and log events to
~/.superstack/telemetry.jsonl. - [DATA_EXFILTRATION]: Sends usage metrics (skill name, phase, platform, and duration) to a remote endpoint. The target URL is retrieved from the user's local configuration file (
~/.superstack/config.json). The skill performs an initial telemetry ping using an 'anonymous' tier before the user is prompted for consent during the first run. - [EXTERNAL_DOWNLOADS]: Recommends the execution of
npx helius-mcp@latestto manage Solana webhooks. This involves fetching and running code from the public NPM registry. Helius is a well-known service provider within the Solana ecosystem. - [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface by ingesting data from project-local files.
- Ingestion points: Reads project configuration and stack decisions from
.superstack/build-context.md(SKILL.md). - Boundary markers: The skill does not employ specific delimiters or 'ignore' instructions when reading the context file.
- Capability inventory: The agent has access to shell execution (bash), file system modification, and network operations (
curl). - Sanitization: There is no evidence of validation or sanitization of the contents read from the build-context file before it influences agent behavior.
Audit Metadata