aave-planner

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local script packages/plugins/aave-planner/scripts/simulate-position.ts using npx tsx to simulate financial positions.
  • [EXTERNAL_DOWNLOADS]: The skill references and links to https://app.aave.com and https://docs.aave.com, which are official and well-known services for the Aave protocol.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it interpolates user-provided data into command-line arguments and deep link URLs.
      • Ingestion points: User-provided inputs for chainId, userAddress, action, token, and amount in SKILL.md.
      • Boundary markers: Absent. No delimiters are defined for user-controlled variables.
      • Capability inventory: Execution of a simulation script and generation of web deep links.
      • Sanitization: Absent. The skill does not define methods for validating or escaping user-provided inputs before they are used in commands or URLs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 9, 2026, 10:06 PM