grimoire-uniswap
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [External Downloads & Remote Code Execution] (HIGH): The skill documentation encourages running 'npx -y @grimoirelabs/cli'. This command downloads the package from the npm registry and executes it immediately; the '-y' flag suppresses the install confirmation, so nothing is reviewed before it runs. Because '@grimoirelabs' is not a trusted organization according to the defined security standards, this is a high-risk external dependency: a compromised package or a malicious update would give an attacker arbitrary code execution on the host running the skill (a supply chain attack).
- [Command Execution] (MEDIUM): The skill is designed to run several CLI commands, including 'bun run' and direct binary execution. This gives the agent system-level interaction that, while intended for the skill's functionality, is not confined by any sandbox.
- [Indirect Prompt Injection] (LOW): The 'tokens' and 'pools' commands accept external URLs via the '--source' and '--endpoint' flags, so the skill can process content served by attacker-controlled servers. Text in that content may be interpreted by the model as instructions.
- Ingestion points: External data enters through the '--source' and '--endpoint' arguments documented in 'SKILL.md'.
- Boundary markers: Absent. The skill provides no delimiters or instructions telling the AI to treat the returned data as untrusted.
- Capability inventory: The skill can execute shell commands, run Node.js scripts, and fetch data from the network.
- Sanitization: None detected. CLI output is passed on as raw data without visible validation or escaping.
Recommendations
- AI detected serious security threats
Audit Metadata