yoink
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill consumes untrusted data from the Base blockchain (e.g., player names or metadata associated with addresses) which could contain malicious instructions.
- Ingestion points: On-chain game status and leaderboard data processed via
/yoink statusand/yoink leaderboardcommands. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands in fetched data are present.
- Capability inventory: The skill requires
PRIVATE_KEYto execute theyoink()function on-chain, granting it write access to the blockchain. - Sanitization: The documentation does not specify any sanitization or validation logic for data retrieved from the smart contract.
- [No Code] (SAFE): No implementation scripts (Python, JavaScript, etc.) were provided with this skill; analysis is based solely on the
SKILL.mdspecification.
Audit Metadata