endaoment
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE] (SAFE): The skill correctly implements its stated functionality using the official Endaoment protocol contracts on the Base network. Hardcoded addresses for the OrgFundFactory (0x10fd9348136dcea154f752fe0b6db45fc298a589) and USDC (0x833589fcd6edb6e08f4c7c32d4f71b54bda02913) match verified deployments.
- [SAFE] (SAFE): Blockchain interactions are performed using the reputable
viemlibrary, following standard integration patterns for wallet and public clients. - [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface: The skill reflects user-controlled data in its markdown responses, which could be exploited if an attacker provides malicious input through data sources the agent processes.
- Ingestion points: The
queryparameter inendaoment_searchand theeinandamountparameters inendaoment_donate(index.ts). - Boundary markers: None; user-supplied strings are interpolated directly into the final output strings without delimiters or instructions to ignore embedded commands.
- Capability inventory: The skill can sign and broadcast blockchain transactions (
writeContract) using a provided private key. - Sanitization: The skill performs basic sanitization, such as removing dashes from EINs and parsing numeric amounts, but does not sanitize the search query or reflected names.
- [DATA_EXPOSURE] (INFO): The skill requires a
PRIVATE_KEYenvironment variable. While this is the intended mechanism for signing transactions, users should handle this credential with caution to prevent exposure in logs or process environments.
Audit Metadata