injective-mcp-servers
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to clone a repository from https://github.com/InjectiveLabs/mcp-server and install the skill using npx skills add InjectiveLabs/agent-skills. As these are resources provided by the skill author (InjectiveLabs), they are documented as vendor resources.
- [COMMAND_EXECUTION]: Installation and execution steps involve running npm install, npm run build, and node ./dist/mcp/server.js on local systems. These commands execute code from the downloaded repository.
- [CREDENTIALS_UNSAFE]: The skill provides tools for managing sensitive credentials, specifically wallet_generate (reveals mnemonics) and wallet_import (accepts hex private keys). Users are also prompted to provide passwords in sample interactions.
- [PROMPT_INJECTION]: The skill uses the SearchInjectiveDocs tool to ingest external data from a hosted endpoint (https://docs.injective.network/mcp). This data is processed in the same context as high-privilege tools like transfer_send, trade_open, and evm_broadcast, creating a surface for indirect prompt injection attacks if the documentation source is compromised. 1. Ingestion points: SearchInjectiveDocs tool (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: wallet_generate, wallet_import, transfer_send, trade_open, evm_broadcast (SKILL.md). 4. Sanitization: Absent.
Audit Metadata