midnight-network
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): Hardcoded credential 'POSTGRES_PASSWORD: midnight_dev' found in 'assets/docker-compose.yml'.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs downloading Docker images from 'midnightnetwork/proof-server' and installing npm packages from '@midnight-ntwrk', neither of which is in the trusted repository or organization list.
- [COMMAND_EXECUTION] (MEDIUM): Provides numerous bash commands for 'docker run' and 'curl' operations, creating an execution vector for external content.
- [DATA_EXFILTRATION] (LOW): Functional network requests are made to 'midnight.network' domains to interact with indexers and RPC nodes.
- [PROMPT_INJECTION] (HIGH): High risk of Indirect Prompt Injection (Category 8).
  1. Ingestion: Consumes external blockchain state via GraphQL in 'references/indexer-graphql.md'.
  2. Boundaries: No explicit boundary markers or 'ignore instructions' delimiters for the agent.
  3. Capability Inventory: 'SKILL.md' and 'references/proof-server.md' provide 'docker run' and 'curl' command execution capabilities.
  4. Sanitization: No evidence of input validation or sanitization for external API data.
Recommendations
- AI detected serious security threats