Skills
skills/b-open-io/prompts/ezkl/Gen Agent Trust Hub

ezkl

Fail

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs users to install the ezkl CLI by piping a script from a remote URL directly to the bash shell. This allows for the execution of unverified code from a third-party source without integrity checks.
  • Evidence: curl https://raw.githubusercontent.com/zkonduit/ezkl/main/install_ezkl_cli.sh | bash in SKILL.md and references/cli-reference.md.
  • [COMMAND_EXECUTION]: Several commands involve passing sensitive information, such as blockchain private keys, as command-line arguments. In an agentic or multi-user environment, this practice can expose credentials in process lists, shell history, or logs.
  • Evidence: ezkl deploy-evm --private-key $KEY in SKILL.md and references/evm-integration.md.
  • [EXTERNAL_DOWNLOADS]: The skill documentation describes fetching cryptographic structured reference strings (SRS) from external servers managed by the software vendor.
  • Evidence: ezkl get-srs in SKILL.md and references/cli-reference.md.
  • [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by processing external ONNX models and JSON input data files which could be crafted to contain adversarial instructions.
  • Ingestion points: model.onnx and input.json referenced in SKILL.md.
  • Boundary markers: None specified in the instructions.
  • Capability inventory: Shell command execution via the ezkl CLI and contract deployment to EVM chains.
  • Sanitization: No methods for validating or sanitizing external model or data content are provided.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/zkonduit/ezkl/main/install_ezkl_cli.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 1, 2026, 02:34 PM