stackspot
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs blockchain transactions using
callContractinstackspot.tsto interact with smart contracts on the Stacks mainnet.- [DATA_EXFILTRATION]: All write commands instackspot.ts(lines 255, 283, 313, 342) usePostConditionMode.Allow. This setting bypasses standard security checks that protect wallet assets, allowing the target contracts to move any tokens from the user's account during the transaction. This is a high-risk configuration that increases exposure if the destination contracts are compromised.- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. - Ingestion points: Data is retrieved from on-chain contracts via
callPotReadOnlyinstackspot.ts. - Boundary markers: There are no protective markers or instructions used when outputting contract data to the agent context.
- Capability inventory: The skill can execute financial transactions and manage wallet states.
- Sanitization: Retrieved data is not sanitized before being presented to the agent, potentially allowing malicious on-chain content to influence agent logic.
Audit Metadata