chainlink-cre-skill
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS REMOTE_CODE_EXECUTION PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for downloading the CRE environment and templates from infrastructure hosted on the cre.chain.link domain and official GitHub repositories.
- Evidence: Installation scripts referenced in getting-started.md at https://cre.chain.link/install.sh and https://cre.chain.link/install.ps1.
- [REMOTE_CODE_EXECUTION]: The skill instructs users to install the CLI using piped shell commands from remote sources, which is a standard distribution method for this vendor's tooling.
- Evidence: `curl -sSfL https://cre.chain.link/install.sh | bash` and `irm https://cre.chain.link/install.ps1 | iex` in getting-started.md.
- [PROMPT_INJECTION]: The skill is designed to process external, potentially untrusted data from multiple sources, creating an indirect prompt injection attack surface.
- Ingestion points: Data enters the agent's context through HTTP trigger payloads, EVM log event data (topics and data fields), and results from external API requests handled by the HTTP capability.
- Boundary markers: The instructions mandate the use of Zod for runtime schema validation in TypeScript workflows to ensure external data matches expected structures.
- Capability inventory: The agent utilizes Bash for CLI operations, WebFetch for fetching documentation, and Write/Edit for modifying project files and workflow code.
- Sanitization: The skill emphasizes the use of scaled integers, bigints for blockchain values, and strict schema parsing to prevent malformed or malicious data from influencing execution logic.
Audit Metadata