litcoin-miner
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download a standalone mining script (
litcoin_miner.py) from the vendor's primary domain (litcoiin.xyz). It also specifies dependencies on thelitcoinPython package andlitcoin-mcpNode.js package. - [COMMAND_EXECUTION]: The documentation describes the process of running the downloaded Python script locally to initiate mining and reward claiming operations.
- [REMOTE_CODE_EXECUTION]: The 'Research Mining' functionality implements a loop where the agent generates Python code to solve optimization problems and executes that code locally to verify performance against a baseline. This dynamic execution is the primary mechanism for 'Proof of Research'.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest external data (challenges and research tasks) from the
api.litcoiin.xyzcoordinator. This creates an attack surface for indirect prompt injection, where a compromised task could attempt to influence agent actions or access environment variables. - Ingestion points: Challenge and task descriptions are retrieved from the
api.litcoiin.xyzendpoint. - Boundary markers: The documentation does not specify the use of delimiters or safety instructions when processing remote task data.
- Capability inventory: The agent possesses the ability to execute code locally, perform network operations, and interact with the Base blockchain via the Bankr SDK.
- Sanitization: No specific content sanitization or validation logic is defined for the remote tasks before they are processed by the agent.
- [DATA_EXPOSURE]: The skill requires the
BANKR_API_KEYenvironment variable for authentication and for managing DeFi operations such as staking, minting stablecoins, and claiming rewards.
Audit Metadata