erc8004-avalanche
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The script
scripts/register.shexplicitly instructs and checks for the installation of Foundry usingcurl -L https://foundry.paradigm.xyz | bash. This pattern allows a third-party server to execute arbitrary commands on the user's host machine, and the source is not within the defined list of trusted organizations. - [EXTERNAL_DOWNLOADS] (HIGH): The skill performs unvalidated network requests to the Pinata IPFS API in
scripts/register.shusingcurl. While intended for agent registration, this mechanism could be abused for data exfiltration or to interact with malicious endpoints if thePINATA_JWTor metadata variables are manipulated. - [COMMAND_EXECUTION] (HIGH): Multiple scripts (
scripts/register.sh,scripts/give-feedback.sh,scripts/check-agent.sh) execute shell commands using thecasttool. These commands interpolate user-provided arguments and environment variables without sanitization, creating a high risk of command injection if the AI agent is manipulated into passing malicious payloads. - [PROMPT_INJECTION] (LOW): Detected an Indirect Prompt Injection surface (Category 8).
- Ingestion points:
scripts/check-agent.shreadsTOKEN_URIand client lists directly from the Avalanche blockchain, which can contain attacker-controlled strings. - Boundary markers: Absent. Blockchain data is printed directly to the shell and returned to the agent context.
- Capability inventory: The skill has the capability to sign and send transactions via
cast sendinscripts/register.shandscripts/give-feedback.sh. - Sanitization: Absent. No filtering is performed on data retrieved from the Identity or Reputation registries.
Recommendations
- HIGH: Downloads and executes remote code from: https://foundry.paradigm.xyz - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata