blacksmith-testbox
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the Blacksmith CLI installer from the official get.blacksmith.sh domain.
- [REMOTE_CODE_EXECUTION]: The installer script is executed by piping the remote download directly into the shell (curl | sh). This is the documented and primary method for installing the Blacksmith tool the skill depends on; note that it runs whatever the server returns, with the invoking user's privileges and without any integrity check on the script.
- [DATA_EXFILTRATION]: The skill's core function is synchronizing local Git-tracked files to remote virtual machines managed by Blacksmith.sh. Following standard CI/CD practice, gitignored files (such as .env) are excluded, which minimizes the risk of accidental secret exposure; anything that is tracked, or that .gitignore does not cover, is still sent off-host.
- [COMMAND_EXECUTION]: The skill runs shell commands locally through the blacksmith CLI and project-specific tools (e.g., pnpm, go test, pytest), and executes arbitrary commands inside the remote environment.
- [PROMPT_INJECTION]: The skill processes local repository data, which creates a surface for indirect prompt injection: malicious instructions could be embedded in the files it syncs.
  - Ingestion points: Local repository files synced to the remote environment (SKILL.md).
  - Boundary markers: Absent; the agent is given no instruction to ignore instructions embedded in the synced files.
  - Capability inventory: Remote command execution and file synchronization using the blacksmith CLI (SKILL.md).
  - Sanitization: Absent; the skill does not validate or sanitize file contents before synchronization.
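The curl | sh step in the REMOTE_CODE_EXECUTION finding executes whatever the server returns, unverified. The script below is an added example, not part of the audit and not Blacksmith's own installer: it downloads to a file, compares the file's SHA-256 against a digest pinned ahead of time, and runs it only on a match. INSTALLER_URL is the domain the audit names; EXPECTED_SHA256 is a placeholder that must come from a trusted channel such as release notes or a signed checksum file, never from the same download (this example does not know Blacksmith's published digest).

```shell
#!/bin/sh
# Added example: fetch-verify-execute instead of curl | sh.
# Not from the Blacksmith project or the audit; the digest value is a placeholder.
set -e

INSTALLER_URL="https://get.blacksmith.sh"        # domain named in the audit
EXPECTED_SHA256="<pin the published digest here>" # assumption: fill from a trusted source

# Print the hex SHA-256 of a file; works with coreutils (sha256sum) or BSD (shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 when the file's digest equals the expected one, 1 otherwise.
verify_digest() {
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ]
}

# Download to a file, never into sh. --proto '=https' refuses plaintext or
# redirects to it, --tlsv1.2 refuses old TLS, -f fails on HTTP errors instead
# of saving an error page that would later be executed.
fetch_installer() {
    curl --proto '=https' --tlsv1.2 -fsSL "$1" -o "$2"
}

# Execute the installer only after the digest matches; returns 2 on mismatch.
run_verified() {
    if verify_digest "$1" "$2"; then
        sh "$1"
    else
        echo "refusing to run $1: SHA-256 mismatch" >&2
        return 2
    fi
}

# Usage (needs network and a real pinned digest), left commented so the file runs offline:
# tmp=$(mktemp); fetch_installer "$INSTALLER_URL" "$tmp"; run_verified "$tmp" "$EXPECTED_SHA256"
```

The digest check only buys assurance if the expected value is obtained out of band; pinning a hash you computed from the first download merely detects later changes, not a compromised first download.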
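The DATA_EXFILTRATION finding rests on gitignored files being excluded from the sync, which only helps if .gitignore actually covers the secret-bearing files in the checkout. The preflight below is an added example, not part of the skill or of Blacksmith: it lists what a tracked-plus-unignored sync would send, using git's own ignore evaluation (git ls-files --exclude-standard) rather than reimplementing .gitignore semantics, and fails if any candidate has a secret-looking name. The name patterns in is_secret_name are an assumption for illustration.

```shell
#!/bin/sh
# Added example: run before syncing a checkout to a remote VM.
# Not part of the Blacksmith skill; the filename patterns are illustrative assumptions.
set -e

# Files a "tracked plus unignored" sync would pick up: everything in the index
# plus untracked files that .gitignore and .git/info/exclude do not cover.
sync_candidates() {
    git -C "$1" ls-files --cached --others --exclude-standard
}

# Basenames that usually hold credentials (assumed list; extend for your repos).
is_secret_name() {
    case "$1" in
        .env|.env.*|*.pem|*.key|id_rsa|id_ed25519|credentials.json) return 0 ;;
        *) return 1 ;;
    esac
}

# Print every sync candidate with a secret-looking basename.
# Returns 0 if none would be synced, 1 if at least one would.
check_secrets_not_synced() {
    repo=$1
    found=0
    # Here-document instead of a pipe so "found" survives the loop (no subshell).
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if is_secret_name "$(basename "$f")"; then
            printf 'would sync secret-looking file: %s\n' "$f"
            found=1
        fi
    done <<EOF
$(sync_candidates "$repo")
EOF
    return "$found"
}

# Usage: check_secrets_not_synced /path/to/checkout || echo "fix .gitignore before syncing"
```

A non-zero exit means the sync would carry a file you probably meant to keep local; a file already committed to git is a sync candidate regardless of .gitignore, so this check also catches secrets that were tracked before the ignore rule was added.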
Audit Metadata