deploy-to-mainnet

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various bash scripts for telemetry logging, system platform identification (using uname), and blockchain operations via Solana CLI tools (anchor, solana).
  • [DATA_EXFILTRATION]: The skill transmits usage metadata and system architecture information to an external endpoint using curl. This behavior is mediated by a user-visible telemetry consent prompt for opt-in or opt-out.
  • [PROMPT_INJECTION]: The skill ingests data from local context files to determine project state, which presents a surface for indirect prompt injection where untrusted data in these files could influence agent logic during deployment.
    • Ingestion points: reads from ~/.superstack/config.json and .superstack/build-context.md in SKILL.md.
    • Boundary markers: None present to delimit untrusted data or warn the agent to ignore instructions within the context files.
    • Capability inventory: The skill possesses filesystem read/write access, shell command execution (bash), and network access (curl).
    • Sanitization: No escaping or validation is performed on the data read from project context files before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 06:05 AM