euler-irm-oracles
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [External Downloads] (MEDIUM): The skill encourages the use of external scripts from the `euler-xyz` GitHub organization (e.g., `calculate-irm-linear-kink.js` and `calculate-irm-adaptive-curve.js`). Although these are official protocol tools, the organization is not within the predefined trusted scope (e.g., `vercel-labs`, `anthropics`), rendering the dependencies unverifiable according to the strict security policy.
- [Indirect Prompt Injection] (MEDIUM): The skill defines a workflow for ingesting external oracle data to influence high-impact protocol configurations.
  - Ingestion points: Price feed data from Chainlink, Pyth (Hermes API), and Chronicle.
  - Boundary markers: None (data is processed as raw numeric or bytes values).
  - Capability inventory: Configuring the `EulerRouter` via `govSetConfig` and `govSetResolvedVault`, and deploying IRM contracts via factories.
  - Sanitization: Includes best-practice staleness checks (`maxStaleness`) and confidence interval validation for Pyth, but remains vulnerable to manipulated feed data that could influence the agent's financial logic.
Audit Metadata