trade
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill defines `allowed-tools` using the `*` wildcard in bash commands (e.g., `Bash(npx starkfi@latest trade *)`). This permits the agent to append arbitrary strings to the shell command. If user-provided input is not sanitized before interpolation, an attacker could execute secondary shell commands or inject malicious flags.
- [REMOTE_CODE_EXECUTION]: The skill utilizes `npx starkfi@latest`, which downloads and executes remote code from the npm registry upon invocation. Using the `@latest` tag means the skill automatically runs the newest available version of the package, making it highly susceptible to supply chain attacks where a compromised package version could gain full execution rights on the host system.
- [EXTERNAL_DOWNLOADS]: The skill initiates downloads of the `starkfi` CLI tool from the npm registry (a well-known public service) whenever the trading tools are used.
Recommendations
- AI detected serious security threats
Audit Metadata