qrcoin
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external content (bid URLs and names) retrieved from the blockchain via RPC calls. This data is then interpolated into transaction templates for the 'Bankr' tool.
- Ingestion points: Data returned from
eth_callviacurl(specifically URLs and names in bid history) and direct user input. - Boundary markers: None. Untrusted strings are interpolated directly into prompts for the Bankr tool.
- Capability inventory: Financial transaction execution (via Bankr), arbitrary
curlcommands to RPC endpoints. - Sanitization: No evidence of sanitization or validation of the URLs or names retrieved from the blockchain.
- [Command Execution] (LOW): The skill uses
curlandjqto interact with the public Base RPC endpoint (https://mainnet.base.org). This is a legitimate requirement for the skill's functionality but should be monitored for unexpected endpoint changes. - [Financial Risk] (INFO): The skill facilitates the spending of USDC. Users should verify contract addresses (
0x7309...A176) independently before authorizing large approvals.
Recommendations
- AI detected serious security threats
Audit Metadata