writing-bots
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill mandates installing a global tool using
uv tool install silverback. Whilesilverbackis a known framework by ApeWorX, it is not on the provided trusted source list. Additionally, it requires fetching external documentation fromdocs.apeworx.ioto function. - COMMAND_EXECUTION (MEDIUM): The skill is designed to generate a
bot.pyfile and execute it usingsilverback run. Running dynamically generated code that interacts with blockchain networks (signing transactions) is a high-risk operation. - PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface (Category 8). It explicitly instructs the agent to use
web_fetchon an external documentation site (docs.apeworx.io) to determine its logic. - Ingestion points:
web_fetchfromdocs.apeworx.ioinsideSKILL.md. - Boundary markers: Absent; there are no instructions to ignore malicious commands embedded in the fetched documentation.
- Capability inventory: The agent has the ability to install tools, write files, and execute shell commands.
- Sanitization: Absent; the fetched content is used directly to guide code generation.
- CREDENTIALS_UNSAFE (LOW): The skill encourages the use of environment variables for sensitive data like signers and API keys. While this is a standard practice, the skill also suggests
printdebugging, which could lead to accidental credential exposure in logs.
Audit Metadata