crunch-coordinate
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Instructs the agent to install the 'coordinator-node' package via pip. This package name does not align with the vendor's known naming patterns (e.g., 'crunchdao-*') and corresponds to an unrelated, stagnant project on PyPI, posing a risk of dependency confusion or installation of unintended code.
- [EXTERNAL_DOWNLOADS]: Downloads and installs '@crunchdao/crunch-cli' from the npm registry and 'crunch-cli' from PyPI, which are recognized as legitimate vendor-owned resources.
- [COMMAND_EXECUTION]: Executes various system-level commands through 'crunch-cli' and build scripts such as 'make deploy' and 'make verify-e2e' to manage workspaces and deployments.
- [CREDENTIALS_UNSAFE]: Manages paths to Solana wallet keypair files and stores protocol configuration in '~/.crunch/config.json'. The skill documentation includes explicit safety rules prohibiting the agent from reading, displaying, or committing these sensitive private key files.
- [PROMPT_INJECTION]: Features an indirect prompt injection surface as the agent is instructed to load and follow instructions from project-specific context files within a user's workspace.
  - Ingestion points: Reads instructions and context from 'Agent.md', the '.agent/' folder, and 'prizes.json'.
  - Boundary markers: No delimiters or 'ignore' instructions are provided to prevent the agent from obeying embedded commands in these workspace files.
  - Capability inventory: The skill can perform package installations, system command execution, and initiate on-chain financial transactions via the CLI.
  - Sanitization: No validation or sanitization processes are described for the content found in the workspace instructions.