mev-security
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill fetches content from 'https://raw.githubusercontent.com/gmh5225/awesome-web3-security/refs/heads/main/README.md'. This repository and user are not on the trusted sources list.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data. Evidence Chain: 1. Ingestion point: The remote README.md specified in SKILL.md. 2. Boundary markers: Absent; no instructions are provided to the agent to ignore instructions embedded within the fetched markdown. 3. Capability inventory: The agent is expected to process, categorize, and potentially display information from the source. 4. Sanitization: Absent; there is no validation of the remote content before processing.
Audit Metadata