contract-learner
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches smart contract ABI data from the Etherscan API, which is a well-known and trusted blockchain information provider.
- [REMOTE_CODE_EXECUTION]: Instructions provide a command to install the 'Foundry' development toolset using curl -L https://foundry.paradigm.xyz | bash. This is a standard installation pattern for a well-known technology provider.
- [COMMAND_EXECUTION]: Utilizes the cast CLI tool to perform blockchain read calls and fetch contract details. It also generates instructions for using keypo-wallet, which is a tool from the skill's own vendor.
- [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface because it processes untrusted data (verified ABIs) from the blockchain and uses it to generate a new SKILL.md file. A malicious contract author could craft function names or metadata within a verified ABI to include instructions intended to influence the behavior of the agent using the generated skill.
  - Ingestion points: Contract ABI fetched via the Etherscan API and parsed into function lists.
  - Boundary markers: Absent; the generated output template does not include delimiters or instructions to ignore embedded commands in the ABI data.
  - Capability inventory: The skill uses cast interface, cast call, and curl, and writes new skill files to the local file system.
  - Sanitization: No sanitization or validation of function signatures or names retrieved from the ABI is performed before interpolation into the generated skill file.
Recommendations
- HIGH: Downloads and executes remote code from: https://foundry.paradigm.xyz - DO NOT USE without thorough review
Audit Metadata