cobo-agentic-wallet-sandbox

Warn

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts/bootstrap-env.sh script downloads the caw CLI and cobo-tss-node binaries from vendor-controlled domains (download.agenticwallet.cobo.com and download.tss.cobo.com). These downloads are performed via curl and extracted using tar at runtime.
  • [REMOTE_CODE_EXECUTION]: Following the download in scripts/bootstrap-env.sh, the script executes the caw binary to verify its version. This pattern constitutes the execution of externally sourced binaries.
  • [COMMAND_EXECUTION]: Multiple recipe files (e.g., recipes/evm-defi-aave.md, recipes/evm-defi-polymarket.md, and recipes/solana-defi-dex-swap.md) use node -e to execute JavaScript snippets. These snippets are constructed from shell variables to perform ABI encoding, HMAC-SHA256 computation, and Solana instruction building.
  • [PROMPT_INJECTION]: The file recipes/security.md contains various prompt injection patterns (such as 'Ignore previous instructions' and 'unrestricted mode'). These are documented as examples of malicious instructions for the agent to refuse, serving as a defensive mechanism, though they are flagged by static analysis tools as high-risk patterns.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 25, 2026, 11:03 AM