Skills
skills/flux-point-studios/cardano-defi-skills/indigo-cdp-operator/Gen Agent Trust Hub

indigo-cdp-operator

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs a Node.js script to process transaction signatures.
  • [COMMAND_EXECUTION]: The script scripts/sign-and-submit.js imports signing logic from a relative path (../../../scripts/saturnswap-signer.js) pointing outside the skill directory.
  • [PROMPT_INJECTION]: The skill has an ingestion surface for untrusted transaction data.
  • Ingestion points: Transaction hex is accepted via the --cbor argument in scripts/sign-and-submit.js.
  • Boundary markers: No boundary markers are used to isolate the transaction hex.
  • Capability inventory: The skill can sign arbitrary data and output the result.
  • Sanitization: The input hex is processed without validation within the skill scripts.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 01:21 AM