akash
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS / REMOTE_CODE_EXECUTION (HIGH): The skill instructs the user to install the Akash CLI and Provider Proxy using the piped-to-shell pattern:
curl -sSfL https://get.akash.network | sh. Per security policy, this is a high-severity risk as the domainakash.networkis not on the trusted organization whitelist. - COMMAND_EXECUTION (HIGH): The skill enables the agent to perform high-risk infrastructure operations including
akash provider lease-shell(interactive shell access to cloud containers),sudooperations for cluster setup, and modifying systemd services. - DATA_EXPOSURE (MEDIUM): Documentation includes instructions for exporting private wallet keys to local files (e.g.,
akash keys export wallet > wallet.key) and managing sensitive API keys and mnemonics in environment variables. - MALICIOUS_URL_DETECTION (HIGH): Automated scanners flagged the project's core domains (
akash.net,console.akash.net,console-api.akash.net) as malicious/blacklisted. While likely a result of the decentralized nature of the project, these are the primary targets for API requests and manifest submissions. - INDIRECT_PROMPT_INJECTION (LOW): The skill processes user-supplied task descriptions to generate complex SDL (Stack Definition Language) files and execute blockchain transactions. There are no explicit boundary markers or sanitization steps defined to prevent malicious inputs from influencing generated configurations or shell commands.
Recommendations
- AI detected serious security threats
- Contains 3 malicious URL(s) - DO NOT USE
Audit Metadata