wagmi
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [Metadata Poisoning] (HIGH): The skill contains deceptive metadata, claiming a future generation date (2026-02-09) and a non-existent library version (v3.4.2). This misinformation poses a risk of directing the agent toward non-existent or malicious implementation patterns.
- [Indirect Prompt Injection] (HIGH): This skill enables a high-severity attack surface by providing the agent with capabilities to execute blockchain transactions (writeContract, sendTransaction) based on data ingested from external contracts (readContract). Without sanitization or boundary markers, an attacker could manipulate contract states to induce the agent to sign unauthorized transactions. Evidence: (1) Ingestion points: readContract and useReadContract (references/core-actions.md, references/react-read-write-contract.md); (2) Boundary markers: Absent; (3) Capability inventory: writeContract and sendTransaction (references/core-actions.md); (4) Sanitization: Absent.
- [Remote Code Execution] (HIGH): The skill encourages executing untrusted remote code via 'npm create wagmi'. Because neither the library nor the author are within the defined TRUST-SCOPE-RULE whitelist, this is classified as a high-risk RCE pattern.
- [No Code] (INFO): The skill consists entirely of Markdown documentation and does not include any scripts that are executed directly by the agent runtime.
Recommendations
- AI detected serious security threats
Audit Metadata