ave-wallet-suite
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically constructs shell commands to execute local Python scripts based on user-provided arguments. It calls python scripts/ave_data_rest.py and scripts/ave_trade_rest.py using parameters such as --keyword, --address, and --in-amount derived directly from user queries. This pattern presents a risk of command injection if the inputs are not strictly sanitized before shell execution.
- [CREDENTIALS_UNSAFE]: The skill relies on and provides instructions for managing highly sensitive environment variables, including AVE_MNEMONIC (wallet seed phrase) and AVE_API_KEY. Handling these secrets within an AI agent's context increases the risk of credential exposure or exfiltration through social engineering or compromise.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted market data. It processes token names, project descriptions, and risk reports from external blockchain sources which could contain malicious instructions intended to manipulate the agent's trading decisions.
  - Ingestion points: User-supplied keywords, contract addresses, and market data retrieved from AVE API endpoints (tokens, search results).
  - Boundary markers: No explicit delimiters or instruction-guarding markers are present in the routing logic.
  - Capability inventory: Subprocess execution for trade submission, wallet creation, and live market data monitoring.
  - Sanitization: No evidence of input validation or sanitization is provided within the instruction set.
- [EXTERNAL_DOWNLOADS]: The skill refers users to external domains for registration, documentation, and community engagement, such as cloud.ave.ai, ave.ai, and various social platforms. These references facilitate the connection between the local environment and external vendor infrastructure.
Audit Metadata