erc8004-celo
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- Remote Code Execution (CRITICAL): In 'scripts/register.sh', the skill advises users to install the Foundry toolkit using 'curl -L https://foundry.paradigm.xyz | bash'. Executing unverified scripts from an untrusted remote source via pipe to bash is a critical security risk that allows for arbitrary code execution.
- Indirect Prompt Injection (HIGH): The skill is vulnerable to indirect prompt injection as it ingests untrusted metadata from user-provided URLs or IPFS hashes. This data is used to populate context for blockchain transactions. Evidence:
  1. Ingestion points: Agent URIs in 'scripts/register.sh' and blockchain data in 'scripts/check-agent.sh'.
  2. Boundary markers: Absent.
  3. Capability inventory: Execution of blockchain transactions via 'cast send' in 'scripts/register.sh' and 'scripts/give-feedback.sh'.
  4. Sanitization: No sanitization or verification of the external metadata content was found.
- Data Exfiltration (LOW): The 'scripts/register.sh' file contains logic to upload data to 'api.pinata.cloud'. This domain is not included in the whitelist of trusted external domains for data transmission.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://foundry.paradigm.xyz - DO NOT USE
- AI detected serious security threats