cairo-deploy
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
Flags: REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill performs piped remote code execution using `curl -L https://raw.githubusercontent.com/foundry-rs/starknet-foundry/master/scripts/install.sh | sh`. This is a confirmed detection of remote execution from an untrusted source repository (foundry-rs). The script is fetched from the `master` branch rather than a pinned commit, so what runs can differ from what was reviewed, and nothing is verified locally before `sh` executes it.
- [CREDENTIALS_UNSAFE] (HIGH): The skill targets and references `~/.starknet_accounts/starknet_open_zeppelin_accounts.json`, a file path known to store unencrypted or lightly protected private keys for Starknet accounts.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill downloads and installs software via `cargo install starknet-devnet` and `asdf`, which relies on the integrity of third-party registries and unverified remote binaries.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection. Evidence: (1) Ingestion points: user-provided constructor and function calldata in `sncast` commands. (2) Boundary markers: absent. (3) Capability inventory: full Bash command execution and file modification. (4) Sanitization: absent; inputs are interpolated directly into shell commands.
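The prompt-injection finding above comes down to how calldata reaches the shell. The following is an added example, not code from the audited skill or from starknet-foundry: it shows the interpolation pattern the finding describes beside the quoted-argument fix, plus an allowlist check on the value itself. The real `sncast` binary is replaced by a stub shell function (an assumption, so the example runs offline) that only echoes the argv it received; the calldata values are constructed for the demo.

```shell
#!/bin/sh
# Stub standing in for the real sncast CLI (assumption for offline use):
# prints each argument it received in brackets, so argv boundaries are visible.
sncast() {
  printf 'argv:'
  for arg in "$@"; do printf ' [%s]' "$arg"; done
  printf '\n'
}

# VULNERABLE: the calldata is pasted into a command string that the shell
# re-parses, so ';', '|', '$(...)' in the input become shell syntax.
deploy_unsafe() {
  calldata=$1
  eval "sncast call --calldata $calldata"
}

# FIXED: the calldata is passed as a single quoted argument; the shell never
# re-parses it, so the whole string (metacharacters included) reaches sncast.
deploy_safe() {
  calldata=$1
  sncast call --calldata "$calldata"
}

# Defence in depth: calldata is a whitespace-separated list of hex or decimal
# felts, so anything outside [0-9a-fA-Fx ] is rejected before any command runs.
calldata_is_clean() {
  case $1 in
    ''|*[!0-9a-fA-Fx' ']*) return 1 ;;
    *) return 0 ;;
  esac
}

main() {
  injected='0x1; echo INJECTED'   # constructed hostile input
  echo "unsafe:"; deploy_unsafe "$injected"   # runs sncast, then 'echo INJECTED'
  echo "safe:";   deploy_safe "$injected"     # one argument, nothing extra runs
  if calldata_is_clean "$injected"; then echo "allowlist: accepted"; else echo "allowlist: rejected"; fi
}

main
```

The allowlist is a second layer, not a replacement for quoting: an agent that builds commands as strings and hands them to `eval` or `bash -c` is injectable no matter how the value looks, because the re-parse happens after any check.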
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/foundry-rs/starknet-foundry/master/scripts/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
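What "thorough review" of the install step looks like in practice, as an added example that is not part of the audited skill or of starknet-foundry's own installer: the script is downloaded to disk instead of being piped into `sh`, the URL is pinned to a specific commit instead of `master`, the file is checked against a hash recorded when that revision was reviewed, and only then is it read and run. The commit and the expected hash in the usage comment are placeholders the reader fills in; the file hashed in the demo is constructed locally.

```shell
#!/bin/sh
# sha256 of a file, portable across sha256sum (coreutils) and shasum (macOS/BSD).
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Returns 0 only if the file hashes to the expected value.
verify_sha256() {
  actual=$(file_sha256 "$1")
  [ "$actual" = "$2" ]
}

# Download to a temp file (never straight into a shell), verify the hash,
# then stage the file for human review. Nothing here executes the script.
fetch_pinned() {
  url=$1; expected=$2; dest=$3
  tmp=$(mktemp) || return 1
  # --proto '=https' refuses any redirect off HTTPS; -f fails on HTTP errors.
  if ! curl -fsSL --proto '=https' --tlsv1.2 "$url" -o "$tmp"; then
    rm -f "$tmp"; return 1
  fi
  if verify_sha256 "$tmp" "$expected"; then
    mv "$tmp" "$dest"
  else
    echo "hash mismatch for $url" >&2
    rm -f "$tmp"
    return 1
  fi
}

# Usage (placeholders, not values from the audit page):
#   fetch_pinned \
#     "https://raw.githubusercontent.com/foundry-rs/starknet-foundry/<commit>/scripts/install.sh" \
#     "<sha256 recorded when that exact revision was reviewed>" ./install.sh
#   less ./install.sh     # read it
#   sh ./install.sh       # run only after review

# Local demo of the verification step on a constructed file.
demo() {
  f=$(mktemp)
  printf 'hello\n' > "$f"
  if verify_sha256 "$f" 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03; then
    echo "constructed file: hash OK"
  else
    echo "constructed file: hash MISMATCH"
  fi
  rm -f "$f"
}

demo
```

Pinning to a commit only helps if the hash was taken from a revision someone actually read; pinning without the hash still trusts the transport and the hosting account, and the hash without review only proves the file did not change since it was last unread.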
Audit Metadata