yoink
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill requires and executes
curlandjqcommands to interact with a public Ethereum RPC endpoint (https://mainnet.base.org). This is standard behavior for blockchain-integrated skills and is used solely for reading game state. - INDIRECT_PROMPT_INJECTION (LOW): The skill processes external data from a blockchain RPC to inform the agent's decision-making regarding game rules (e.g., cooldown status). While an ingestion point for untrusted data, the risk is limited to game-state manipulation within the agent's reasoning process.
- DATA_EXFILTRATION (INFO): The skill performs network requests via
curl. These requests are directed to a legitimate public RPC endpoint for the Base network and do not transmit sensitive local information.
Audit Metadata