yoink
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with the official Base network RPC endpoint (https://mainnet.base.org) to fetch game state data such as the current flag holder and scores.
- [COMMAND_EXECUTION]: Utilizes standard system utilities `curl` and `jq` to perform read-only queries against blockchain APIs, as defined in the contract interface and workflow sections.
- [PROMPT_INJECTION]: No patterns indicative of direct prompt injection or safety guideline bypasses were identified. The skill presents an indirect prompt injection surface:
  - Ingestion points: Smart contract state data returned from the Base RPC endpoint (e.g., `eth_call` results).
  - Boundary markers: Absent; the skill relies on the agent to parse JSON results from the RPC call.
  - Capability inventory: Transaction execution capability through the Bankr interface (`to`, `data`, `value` JSON format).
  - Sanitization: None specified for the data returned from the blockchain.
- [DATA_EXFILTRATION]: Analysis did not detect any access to sensitive local files or unauthorized network communication patterns.
Audit Metadata