grimoire-uniswap

Fail

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to use npx -y @grimoirelabs/cli, which downloads and executes an external package from the npm registry at runtime.
  • [EXTERNAL_DOWNLOADS]: The skill supports fetching data from external sources via --source, --endpoint, and --rpc-url flags, as well as querying The Graph network.
  • [PROMPT_INJECTION]: The skill processes data from external, untrusted sources (The Graph, RPC, and provided URLs) to generate snapshots for 'spells', creating a surface for indirect prompt injection.
      • Ingestion points: Data fetched via --source and --endpoint flags in the tokens and pools commands in SKILL.md.
      • Boundary markers: Absent.
      • Capability inventory: Shell command execution (grimoire, npx, bun) and network access.
      • Sanitization: Absent.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution to invoke its primary functionality via the grimoire CLI tool and local script execution via bun.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 3, 2026, 03:27 PM