keypo-wallet
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads the keypo-wallet and keypo-signer CLI tools from the author's official Homebrew tap (keypo-us/tap). As a vendor-owned resource, this installation path is considered standard for the skill's functionality.
- [COMMAND_EXECUTION]: Executes the keypo-wallet binary to perform blockchain operations such as balance checks, transaction signing, and account initialization.
- [COMMAND_EXECUTION]: Utilizes python3 -c to parse and extract wallet policy information from local JSON files, which involves executing code to process structured data.
- [DATA_EXFILTRATION]: Accesses local configuration files (~/.keypo/config.toml and ~/.keypo/accounts.json) containing wallet metadata, RPC endpoints, and account labels required for operational state management.
- [PROMPT_INJECTION]: Indirect prompt injection surface identified:
  - Ingestion points: Reads ~/.keypo/accounts.json to retrieve wallet labels and signing policies (e.g., 'open', 'passcode').
  - Boundary markers: None present; the agent relies on the structure of the JSON output.
  - Capability inventory: Significant capabilities including keypo-wallet send and batch for executing transactions on the Ethereum Virtual Machine (EVM).
  - Sanitization: No explicit sanitization or validation of the local JSON content is performed before interpolation into the agent's context.
Audit Metadata