Skills
skills/euler-xyz/agent-skills/euler-vaults/Gen Agent Trust Hub

euler-vaults

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The file rules/vault-create-market.md directs the agent/user to clone https://github.com/euler-xyz/euler-vault-scripts. The organization euler-xyz is not included in the trusted GitHub organizations list.
  • [REMOTE_CODE_EXECUTION] (HIGH): Following the repository clone, the skill instructs the execution of ./install.sh and deployment scripts. This download-then-execute pattern from an untrusted source is a significant security risk.
  • [PROMPT_INJECTION] (HIGH): The skill establishes a high-impact Indirect Prompt Injection surface (Category 8).
  • Ingestion points: Data enters the agent context through contract queries in rules/risk-check-health.md (AccountLens) and user-provided addresses in rules/sec-audits.md.
  • Boundary markers: No explicit delimiters or instruction-ignore warnings are used when processing external contract data in code templates.
  • Capability inventory: The skill enables high-privilege DeFi operations including borrow, repay, liquidate, and withdraw via the IEVault and IEVC interfaces.
  • Sanitization: Although verification via GenericFactory.isProxy is suggested in rules/sec-audits.md, the agent remains vulnerable to malicious strings or instructions returned from on-chain calls (e.g., error messages or lens outputs) while having the power to execute financial transactions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 02:35 AM