skills/ahmetenesdur/starkfi/dca/Gen Agent Trust Hub

dca

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs and executes shell commands using user-supplied parameters like token symbols, amounts, and duration strings (e.g., in npx starkfi@latest dca-create). This presents a risk of command injection if user-provided input contains shell metacharacters.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection due to its processing of untrusted user data.
      • Ingestion points: User-provided token symbols, transaction amounts, and frequency durations.
      • Boundary markers: The skill lacks delimiters or instructions to ignore embedded commands within user input.
      • Capability inventory: The skill executes shell commands and performs blockchain transactions via the npx starkfi toolset.
      • Sanitization: No instructions for validating or sanitizing the format of inputs are provided.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 11:53 AM