flipside
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts and configuration guidelines from the vendor's official GitHub repository (FlipsideCrypto/flipside-tools) and installation domain (install.flipsidecrypto.xyz).
- [REMOTE_CODE_EXECUTION]: Installation instructions recommend piping remote shell scripts directly to the command line (curl -fsSL ... | sh). These resources are verified as originating from the official vendor infrastructure.
- [COMMAND_EXECUTION]: Local bash scripts are used to verify authentication status (flipside whoami) and validate agent/automation YAML files before deployment.
- [PROMPT_INJECTION]: The skill ingests blockchain query results, creating a surface for indirect prompt injection.
  - Ingestion points: Results from SQL queries (e.g., token transfers) are passed to LLM transforms for analysis.
  - Boundary markers: Prompt templates in the provided assets do not currently use specific delimiters to isolate external data.
  - Capability inventory: The skill possesses capabilities to execute SQL queries and manage agent deployments.
  - Sanitization: No explicit sanitization or filtering of blockchain data is observed in the provided prompt templates.
Audit Metadata