ton-blueprint
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is centered around the
blueprintCLI tool, which is used to build, test, and run scripts on the local machine. - [REMOTE_CODE_EXECUTION]: The
blueprint runcommand executes arbitrary TypeScript scripts located in thescripts/directory, which have access to a powerfulNetworkProviderAPI. - [CREDENTIALS_UNSAFE]: The documentation guides users to store highly sensitive
WALLET_MNEMONICandWALLET_VERSIONenvironment variables in a.envfile for non-interactive deployments. - [EXTERNAL_DOWNLOADS]: The contract verification feature fetches configuration data from the
ton-communityorganization's public repository on GitHub. - [DATA_EXFILTRATION]: The
verifycommand transmits contract source code and metadata to theverifier.ton.orgservice as part of its intended verification workflow. - [PROMPT_INJECTION]: The toolchain exhibits an attack surface for indirect prompt injection as it processes external contract source code and blockchain API data using high-capability tools.
- Ingestion points: Smart contract source files (
.tolk,.fc,.tact), external API responses viaNetworkProvider, and configuration files. - Boundary markers: None identified in the provided documentation snippets to prevent the model from obeying instructions embedded in source code or data.
- Capability inventory: The skill facilitates full shell command execution, file system modification (e.g.,
blueprint packupdating project files), and network access for contract interactions. - Sanitization: No specific sanitization or validation protocols for processed external data are documented.
Audit Metadata