boxlang-runtime-matchbox
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides an installation command that downloads and executes a shell script: `curl -sSL https://raw.githubusercontent.com/ortus-boxlang/matchbox/master/install/install.sh | bash`. This script is hosted on the official GitHub repository of the developer (ortus-boxlang).
- [COMMAND_EXECUTION]: Multiple examples demonstrate using the `matchbox` command-line tool to compile BoxLang scripts into native binaries, WASM, and ESP32 firmware.
- [PROMPT_INJECTION]: The MatchBox runtime processes external data files, which is an ingestion point for potentially untrusted content.
  - Ingestion points: CLI arguments referencing external data files like `data.json` in SKILL.md.
  - Boundary markers: Absent.
  - Capability inventory: Execution of local BoxLang scripts and compilation to binary targets via the MatchBox CLI.
  - Sanitization: Absent.
Audit Metadata