grimoire-lifi

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill promotes the use of npx -y @grimoirelabs/cli, which downloads and executes code from a non-whitelisted npm package at runtime.
  • [Indirect Prompt Injection] (HIGH): The skill processes external .spell files to execute sensitive financial transactions.
      • Ingestion points: File paths passed to grimoire validation and execution commands in SKILL.md.
      • Boundary markers: No delimiters or instructions are provided to the agent to treat the content of .spell files as untrusted data.
      • Capability inventory: The CLI executes financial operations including lifi.swap, lifi.bridge, and lifi.compose_execute.
      • Sanitization: Documentation suggests slippage and output checks, but these do not prevent adversarial instructions within a spell file from manipulating transaction destinations or logic.
  • [External Downloads] (MEDIUM): Instructions require installation of @grimoirelabs packages, which are not part of the trusted organizational scope.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 09:08 AM