Skills
skills/sendaifun/solana-new/solana-beginner/Gen Agent Trust Hub

solana-beginner

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes bash scripts in the SKILL.md preamble and telemetry sections that manage local configuration and logs within the ~/.superstack directory.
  • [DATA_EXFILTRATION]: Usage metrics such as skill phase, outcome, and system platform information are transmitted to a remote endpoint. This activity is conditional on user consent and utilizes a URL retrieved from the user's local configuration.
  • [REMOTE_CODE_EXECUTION]: The skill's documentation contains standard curl | bash installation patterns for the Anza Solana CLI and the solana.new setup script, which are official tools for the ecosystem.
  • [EXTERNAL_DOWNLOADS]: The skill points users to well-known libraries and frameworks, such as the @solana/web3.js and the Solana Agent Kit, which are expected for its educational purpose.
  • [SAFE]: Indirect Prompt Injection analysis: (1) Ingestion points: User background is collected via AskUserQuestion in SKILL.md. (2) Boundary markers: None explicitly used. (3) Capability inventory: The skill has shell execution and network access capabilities for telemetry. (4) Sanitization: User input is used for instructional branching and is not directly interpolated into shell commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 03:26 PM