Skills
skills/makinahq/makina-agents/cast/Gen Agent Trust Hub

cast

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The SKILL.md file contains an installation instruction curl -L https://foundry.paradigm.xyz | bash which pipes a remote script from an untrusted source directly into the system shell. This pattern allows for arbitrary code execution with the privileges of the user running the command.
  • [CREDENTIALS_UNSAFE]: The references/wallet-commands.md and references/transaction-commands.md files describe the use of highly sensitive private keys and provide documentation for an --unsafe-password flag for keystore encryption. Additionally, commands like cast wallet new and cast wallet sign involve the generation and handling of plaintext private keys in the terminal environment.
  • [EXTERNAL_DOWNLOADS]: The skill documents multiple commands that fetch data from external, non-whitelisted third-party services including:
  • openchain.xyz for function and event signature lookups (references/4byte-commands.md).
  • Etherscan for contract creation code and source code retrieval (references/code-commands.md and references/utility-commands.md).
  • User-provided RPC URLs for general blockchain state queries and transaction submission.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted data from external sources:
  • Ingestion points: RPC responses in references/transaction-commands.md, signature strings from openchain.xyz in references/4byte-commands.md, and contract metadata from Etherscan in references/code-commands.md.
  • Boundary markers: None identified in the provided documentation to distinguish between command output and potentially malicious instructions embedded in blockchain data.
  • Capability inventory: The skill uses the Bash tool to execute cast commands, providing a significant capability surface for an attacker who can influence command output.
  • Sanitization: No evidence of output sanitization or validation before the agent interprets the results of the CLI calls.
  • [COMMAND_EXECUTION]: The skill requires the Bash tool to interact with the system and execute the cast binary, which allows for broader system interaction than typical data-only skills.
Recommendations
  • HIGH: Downloads and executes remote code from: https://foundry.paradigm.xyz - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 27, 2026, 01:51 PM