solana-kit
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGHDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill provides code snippets in
references/features-keypairs.mdthat read the user's primary Solana CLI private key from~/.config/solana/id.json. Accessing these credentials poses a high risk of exposure. - [EXTERNAL_DOWNLOADS]: The documentation describes installing various official and community Solana libraries, such as
@solana/kit,@solana-program/system, and others under the@solana/and@solana-program/namespaces. - [PROMPT_INJECTION]: The skill enables an agent to fetch and interpret data from the Solana blockchain, which is an untrusted external source.
- Ingestion points: Uses
fetchEncodedAccount(references/core-accounts.md) andverifyOffchainMessageEnvelope(references/features-offchain-messages.md) to read data from the network. - Boundary markers: There are no boundary markers or instructions to ignore embedded text within the samples.
- Capability inventory: The skill utilizes network RPC methods (
rpc.send()) and local file system reads (fs.readFileSync). - Sanitization: No input validation or sanitization is demonstrated before the agent processes the external data.
Recommendations
- AI detected serious security threats
Audit Metadata