injective-trading-staking
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Automated scans detected a pattern involving network output piped to Python. However, the command in
SKILL.mdutilizespython3 -cwith an inline script that parses JSON data as an input stream (sys.stdin), which is a standard data-processing method rather than direct execution of remote code. - [COMMAND_EXECUTION]: The skill uses
curlandpython3commands to fetch and calculate staking data. These operations are limited to formatting public blockchain information. - [EXTERNAL_DOWNLOADS]: The skill references official Injective Network infrastructure, including
lcd.injective.network,tm.injective.network, andgrpc.injective.network. It also references thepyinjectiveSDK, which is the official client library for the vendor's platform. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the processing of external blockchain API data.
- Ingestion points: API responses from Injective LCD endpoints (e.g.,
/cosmos/staking/v1beta1/delegations). - Boundary markers: None present in the sample prompts or instructions.
- Capability inventory: Access to
curlandpython3for data retrieval and processing. - Sanitization: The implementation uses
json.load()for parsing, which treats the ingested API content as data.
Audit Metadata