grimoire-aave
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill suggests using `npx -y @grimoirelabs/cli`. This command downloads and executes a Node.js package from the npm registry without user confirmation. The organization grimoirelabs is not on the predefined list of trusted sources.
- COMMAND_EXECUTION (LOW): The skill is designed to run various shell commands (e.g., `grimoire venue aave ...`) to fetch market data. This is the primary function of the skill but presents a risk if the input parameters are not properly sanitized by the agent.
- REMOTE_CODE_EXECUTION (MEDIUM): Running `npx -y @grimoirelabs/cli` effectively allows for remote code execution as the code being run is fetched from a remote repository at runtime.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection (Category 8). The skill has a surface for indirect injection as it ingests data from external Aave market reserves. Evidence:
  1. Ingestion point: Aave V3 market metadata and reserve snapshots.
  2. Boundary markers: None present.
  3. Capability inventory: Shell command execution via grimoire CLI.
  4. Sanitization: No explicit sanitization or escaping of blockchain-sourced strings mentioned.
Audit Metadata