onchainkit
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): The script
scripts/create-onchain-app.pyexecutesnpm create onchain@latest. This command downloads and runs a project generator from the npm registry, which constitutes remote code execution. Since the provider (Coinbase) is not on the predefined trusted list, this is flagged as a risk. - [COMMAND_EXECUTION] (MEDIUM): The
scripts/validate-setup.pyscript invokesnpm run build. This command executes arbitrary scripts defined in the project'spackage.json. If the project files are untrusted or modified, this can lead to arbitrary code execution on the host system. - [PROMPT_INJECTION] (LOW): The skill accepts user-provided project names which are then interpolated into shell commands. While alphanumeric sanitization is performed, this represents an indirect injection surface.
- Ingestion points:
scripts/create-onchain-app.pyvia theproject_nameargument. - Boundary markers: Absent.
- Capability inventory: Shell command execution via
subprocess.run(shell=True)and project structure modification. - Sanitization: Input is validated to be alphanumeric with hyphens and underscores allowed.
- [EXTERNAL_DOWNLOADS] (LOW): The script
scripts/setup-environment.pyperformsnpm install @coinbase/onchainkit, which downloads and installs external packages from the npm registry during the environment setup process.
Audit Metadata