endaoment
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from external sources, creating a surface for indirect prompt injection.
  - Ingestion points: Charity information is fetched from the Endaoment API (api.endaoment.org) in scripts/search.sh, and contract data is retrieved from the Base RPC (mainnet.base.org) in scripts/donate.sh.
  - Boundary markers: Output is returned to the agent context without boundary delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill has the capability to execute financial transactions (USDC donations) via the bankr CLI.
  - Sanitization: While jq is used for parsing, the raw text fields like charity names and descriptions are not filtered for potential malicious instructions.
- [EXTERNAL_DOWNLOADS]: The skill connects to official external endpoints to retrieve necessary data for operation.
  - Communicates with the Endaoment API (api.endaoment.org) for charity searches and metadata.
  - Queries the Base mainnet RPC (mainnet.base.org) to verify contract status and compute addresses.
- [COMMAND_EXECUTION]: The skill executes shell commands via the bankr CLI, which is a vendor-provided tool used to sign and submit blockchain transactions.
Audit Metadata