blockrun
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the 'blockrun-llm' package using pip, which is a third-party dependency provided by an unverified author.
- [CREDENTIALS_UNSAFE]: The skill accesses a sensitive session file at '$HOME/.blockrun/.session'. This file is used to store on-chain USDC wallet credentials, representing a significant security risk if the file is exposed or manipulated.
- [COMMAND_EXECUTION]: The skill uses Bash tools (python, pip, source) to perform setup tasks and execute Python scripts for wallet management and model interaction.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its integration with external data sources.
  - Ingestion points: Untrusted data from X/Twitter and external LLM responses are ingested via 'client.chat' calls (SKILL.md).
  - Boundary markers: No delimiting markers or safety instructions are provided to help the agent distinguish between user instructions and embedded data.
  - Capability inventory: The skill has the ability to execute shell commands and authorize financial payments from a local wallet.
  - Sanitization: No validation or sanitization of external content is performed before it is processed by the agent.