qrcoin
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill mandates the use of a PRIVATE_KEY environment variable and provides setup instructions to export it in plaintext. This is a severe security risk as private keys stored in environment variables are susceptible to exposure via process enumeration, logging, or system compromise.
- [PROMPT_INJECTION] (LOW): The skill processes untrusted user input (URLs and names) which are subsequently used in blockchain transactions. 1. Ingestion points: Command arguments for bid and contribute. 2. Boundary markers: No delimiters or isolation markers are defined in the instructions. 3. Capability inventory: Execution of blockchain transactions on the Base network. 4. Sanitization: No sanitization or validation logic is specified for the URL or name inputs, creating an attack surface for indirect prompt injection if the agent or a viewer parses the winning URL.
Recommendations
- AI detected serious security threats
Audit Metadata