portfolio
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `npx starkfi@latest` which downloads the `starkfi` package from the npm registry at runtime. This dependency is not pinned to a specific version, allowing for potential supply chain attacks.
- [REMOTE_CODE_EXECUTION]: Runtime execution of the `starkfi` package via `npx` allows for the execution of code that is fetched remotely from a public registry every time the tool is called.
- [COMMAND_EXECUTION]: The allowed tool definition `Bash(npx starkfi@latest portfolio *)` includes a wildcard (`*`). This permits the AI agent to pass arbitrary arguments to the shell command, which can be exploited to execute unintended sub-commands or flags via prompt injection.
- [PROMPT_INJECTION]: The skill processes untrusted data from the Starknet blockchain which serves as a surface for indirect prompt injection.
  - Ingestion points: DeFi portfolio data (token balances, staking positions) fetched from the blockchain via the `starkfi` tool (SKILL.md).
  - Boundary markers: None present in the skill's instructions.
  - Capability inventory: The agent can execute arbitrary commands via the Bash tool (SKILL.md).
  - Sanitization: No sanitization or validation of the fetched blockchain content is described.
Audit Metadata