swap-execute
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's setup instructions suggest installing the Foundry toolchain via a shell script fetched from 'https://foundry.paradigm.xyz' (curl | bash), which is a remote execution pattern from a well-known service.
- [CREDENTIALS_UNSAFE]: The skill provides instructions for managing sensitive private keys and keystore passwords using environment variables ($PRIVATE_KEY) and plaintext files (~/.foundry/.password), which may expose credentials to local processes, shell history, or backups.
- [COMMAND_EXECUTION]: The skill's primary function is to execute shell commands using the 'cast' utility to sign and broadcast blockchain transactions based on provided parameters.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting transaction calldata from an external source ('swap-build' output). While it includes a confirmation step, it lacks automated validation of the binary payload. Ingestion points: 'swap-build' output JSON. Boundary markers: Final confirmation table with 'yes/no' prompt. Capability inventory: Execution of 'cast send' shell commands. Sanitization: Absent for the transaction data payload.
Audit Metadata