cardano-cli-doctor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill executes local commands to verify the environment. Tool usage is explicitly constrained in the metadata to
cardano-cliandwhich, preventing arbitrary command execution. - [DATA_EXPOSURE] (SAFE): The skill includes specific operating rules that forbid the agent from asking for, logging, or touching secret key files (
.skey). It prioritizes read-only diagnostic flags such asversionand--help. - [EXTERNAL_DOWNLOADS] (SAFE): No external dependencies, remote scripts, or network-based downloads are initiated by the skill or its associated bash script.
- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill processes output from local command help text, this data is generated by the local system binary and does not constitute a high-risk untrusted data ingestion surface.
Audit Metadata