Skills
skills/keep-starknet-strange/starknet-agentic/starknet-defi/Gen Agent Trust Hub

starknet-defi

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill documentation and implementation guide users to provide the STARKNET_PRIVATE_KEY via environment variables. While not hardcoded, this sensitive signing key is a high-value target for exfiltration by any malicious script or compromised dependency.
  • [COMMAND_EXECUTION] (HIGH): The skill enables the agent to perform irreversible blockchain transactions (executeSwap, executeStake, executeCreateDca). Malicious manipulation of input parameters could lead to unauthorized transfer of funds.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires installing @avnu/avnu-sdk and starknet packages. While these are common in the ecosystem, they are not from the pre-defined list of trusted sources and represent a supply chain risk.
  • [INDIRECT_PROMPT_INJECTION] (HIGH):
  • Ingestion points: User-provided token symbols, swap amounts, and transaction parameters from natural language prompts.
  • Boundary markers: None present; instructions are directly interpolated into transaction logic.
  • Capability inventory: Full write/execute capability for Starknet transactions using a private key.
  • Sanitization: Uses fetchVerifiedTokenBySymbol for verification, but this does not prevent an attacker from tricking the agent into executing transactions with unfavorable parameters or to unintended recipient addresses.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:31 AM