grimoire-morpho-blue
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to use `npx -y @grimoirelabs/cli`, which downloads and executes the Grimoire CLI from the NPM registry. It also references the `@grimoirelabs/venues` package. These are verified as vendor resources associated with the skill's Grimoire ecosystem.
- [COMMAND_EXECUTION]: The skill facilitates the execution of shell commands through `grimoire`, `npx`, and `bun` to perform metadata queries and snapshot operations.
- [PROMPT_INJECTION]: The skill processes untrusted external data from the Morpho Blue protocol, creating an indirect prompt injection surface.
  - Ingestion points: Output from the `grimoire venue morpho-blue` CLI commands (SKILL.md).
  - Boundary markers: Absent; there are no specific instructions for the agent to use delimiters or ignore embedded instructions when parsing fetched metadata.
  - Capability inventory: The agent has the capability to execute shell commands and interact with the local filesystem as part of the CLI workflow.
  - Sanitization: The instructions do not define any validation, filtering, or escaping protocols for data retrieved from external protocol sources.
Audit Metadata