batch
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and executes the 'starkfi' package from the NPM registry at runtime using 'npx'.
  - Evidence: 'npx starkfi@latest' is utilized in 'allowed-tools' and multiple command examples.
  - Risk: The use of '@latest' instead of a pinned version or integrity hash exposes the execution environment to potential supply chain attacks if the external package is compromised.
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute CLI operations based on user input.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection (Category 8) due to the way user-provided data is handled in shell commands.
  - Ingestion points: User-provided values for amounts, token symbols, and addresses are accepted via the '--swap', '--stake', '--supply', and '--send' flags in 'SKILL.md'.
  - Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are present to isolate user-provided data from the command structure.
  - Capability inventory: The skill has the capability to execute shell commands via the 'Bash' tool.
  - Sanitization: There is no evidence of input validation, escaping, or sanitization for the parameters interpolated into the 'starkfi' CLI calls.
Audit Metadata