dapp-builder
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Automated scan results from URLite identify a blacklisted URL associated with the project file
main.rs. Confirmed blacklist hits for URLs are considered critical indicators of malicious infrastructure or malware distribution. - [COMMAND_EXECUTION] (HIGH): The skill's documentation in
SKILL.mddirects the agent to execute shell commands using the GitHub CLI (gh) andgitfor repository management and self-improvement tasks. This provides a direct path for executing arbitrary code or performing unauthorized actions on the user's GitHub account if the agent is not strictly isolated. - [EXTERNAL_DOWNLOADS] (LOW): The skill references and suggests cloning code from the
freenetGitHub organization, which is not listed as a trusted external source. - [PROMPT_INJECTION] (LOW): The self-improvement workflow in
SKILL.mdcreates an indirect prompt injection surface (Category 8). Mandatory Evidence Chain: 1. Ingestion points: Agent's internal evaluation of instructions; 2. Boundary markers: Absent; 3. Capability inventory:ghandgitCLI command execution; 4. Sanitization: Absent. This surface could be exploited to manipulate the agent into executing malicious CLI commands.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata