aave-v3-core
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTIONNO_CODE
Full Analysis
- [Prompt Injection] (HIGH): The skill defines a high-risk indirect prompt injection surface for financial operations. 1. Ingestion points: Ingests untrusted external blockchain data via getUserAccountData and getReserveData in core-pool.md and best-practices-integration.md. 2. Boundary markers: Absent; no delimiters are suggested to separate protocol data from potential malicious instructions. 3. Capability inventory: Provides instructions for high-privilege actions including supply, borrow, liquidate, and flashLoan in core-pool.md. 4. Sanitization: Absent; no guidance on validating or escaping blockchain state data is provided.
- [External Downloads] (MEDIUM): Recommends the installation of the @aave/core-v3 npm package and references scripts from an untrusted GitHub repository (antfu/skills), neither of which are on the trusted source whitelist.
- [Metadata Poisoning] (LOW): Includes suspicious future-dated versioning and generation dates (2026.2.9) that are misleading regarding the skill's origin and currency.
Recommendations
- AI detected serious security threats
Audit Metadata