Skills
skills/cybercentry/cybercentry-agent-skills/ethereum-token-verification/Gen Agent Trust Hub

ethereum-token-verification

Warn

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the installation of the acp CLI tool from a non-whitelisted GitHub repository: https://github.com/Virtual-Protocol/openclaw-acp. Relying on external code from unknown sources presents a supply chain risk.
  • [COMMAND_EXECUTION]: The core functionality of the skill is built around the execution of shell commands (acp setup, acp browse, acp job create). This requires the agent to have shell access and the ability to execute arbitrary commands within that environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). User-provided input, such as the contract_address, is interpolated directly into a shell command's JSON requirements block.
  • Ingestion points: User-supplied contract_address in the requirements schema (SKILL.md).
  • Boundary markers: Absent. There are no delimiters or warnings to ignore instructions embedded within the user data.
  • Capability inventory: The skill uses acp job create, which is a subprocess call (SKILL.md).
  • Sanitization: Absent. The skill does not define any validation or escaping mechanisms for the input before it is passed to the system shell.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 7, 2026, 04:36 PM