opensea-api
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PERSISTENCE]: The skill documentation in SKILL.md instructs users to append an export command for the OPENSEA_API_KEY to shell profile files such as ~/.zshrc or ~/.bashrc. This method is used to maintain the environment variable across sessions but involves modifying system configuration files.
- [DATA_EXPOSURE]: The practice of storing API keys in plaintext within shell configuration files (~/.zshrc, ~/.bashrc) exposes sensitive credentials to any process or user with read access to these common files.
- [INDIRECT_PROMPT_INJECTION]: The skill fetches untrusted data, including NFT names and descriptions, from the OpenSea API. This content is presented to the agent without sanitization, creating a surface for indirect prompt injection.
  - Ingestion points: The scripts scripts/fetch_nft.sh, scripts/collection_stats.sh, scripts/monitor_collection.sh, and scripts/wallet_nfts.sh retrieve data from api.opensea.io.
  - Boundary markers: No delimiters or protective instructions are implemented to prevent the agent from interpreting instructions found within the NFT metadata.
  - Capability inventory: The skill can perform network requests and execute local shell commands.
  - Sanitization: No validation or filtering is applied to the data retrieved from the external API before it is processed.
Recommendations
- AI detected serious security threats