flare-fassets
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- DATA_EXFILTRATION (HIGH): The documentation in SKILL.md recommends the dApp located at https://fassets.au.cc. This domain is explicitly flagged as malicious/blacklisted by automated URL scanners. Directing users or agents to malicious dApps facilitates phishing and asset theft.
- PROMPT_INJECTION (HIGH): The skill describes an Indirect Prompt Injection surface (Category 8) via Flare Smart Accounts.
  - Ingestion points: Untrusted data enters the system from XRPL Payment transaction memo fields.
  - Boundary markers: None specified for the encoded payment reference instructions.
  - Capability inventory: The skill allows the execution of transactions (executeTransaction) and minting/redemption on the Flare network based on this input.
  - Sanitization: No sanitization logic or instruction-guarding is described for the decoded instructions.
- COMMAND_EXECUTION (MEDIUM): The file scripts/get-fxrp-address.ts is an executable script requiring CLI runtime (npx ts-node). While the logic is functional, providing executable code in a package that also contains malicious URLs significantly increases the risk profile.
- EXTERNAL_DOWNLOADS (LOW): The skill requires external packages (ethers, xrpl, @flarenetwork/flare-periphery-contracts) and references numerous external documentation links. While these sources are generally legitimate, they must be verified given the presence of the malicious URL finding.
Recommendations
- AI detected serious security threats
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata