Skills
skills/imjszhang/js-creamlon/creamlon-skill/Gen Agent Trust Hub

creamlon-skill

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the creamlon package from the official npm registry using the npx command. This package is provided by the skill author and is essential for the protocol's functionality.
  • [COMMAND_EXECUTION]: Invokes several CLI commands via npx to perform protocol operations, including task submission (submit), proof verification (fetch-proof), and node maintenance (status, audit).
  • [DATA_EXFILTRATION]: The skill utilizes GitHub tokens (GITHUB_TOKEN, GH_TOKEN) to interact with the GitHub API for managing Issues and repository topics. The instructions emphasize never printing or committing these secrets.
  • [PROMPT_INJECTION]: The skill processes external data from GitHub Issues, presenting a surface for indirect prompt injection.
  • Ingestion points: Untrusted data enters the context via watch, fetch-proof, and extension delivery fetch-input commands which read from repository Issues.
  • Boundary markers: The protocol enforces specific Issue titles ([task] <capability_id>) and structured object models defined in the protocol documentation.
  • Capability inventory: The skill performs local file system writes for identity management (Ed25519 keys) and network operations to GitHub.
  • Sanitization: The CLI tool performs Ed25519 signature verification and HMAC task binding to ensure the integrity and authenticity of processed data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 07:53 AM
Security Audit — agent-trust-hub — creamlon-skill