solana-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE DATA_EXFILTRATION COMMAND_EXECUTION
Full Analysis
- Data Exposure & Exfiltration (LOW): The script `scripts/call-mcp.ts` performs network POST requests to an external, non-whitelisted domain (solmcp.daog1.workers.dev). While it does not access sensitive local files, it transmits user-provided arguments to this remote server.
- Unverifiable Dependencies & Remote Code Execution (LOW): The skill relies on external Node.js dependencies (`commander`) and requires a runtime runner (tsx). While these are standard tools, they are external dependencies executed as part of the skill's workflow.
- Indirect Prompt Injection (LOW): The skill provides a surface for tool output poisoning by ingesting and processing data from an external MCP server without sanitization. Evidence Chain:
  1. Ingestion points: Data is received via the `fetch` call in `scripts/call-mcp.ts`.
  2. Boundary markers: Absent; the script outputs the raw JSON response.
  3. Capability inventory: The script can perform outbound network POST requests to arbitrary URLs.
  4. Sanitization: Absent; the server response is parsed as JSON and printed directly to the agent context without validation or filtering.
Audit Metadata