deepbook-cli
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The skill facilitates the handling of cryptocurrency private keys through command-line arguments (e.g., --private-key, import-key [privateKey]). This is a high-risk pattern because credentials passed as flags can be exposed in the system's process list and in shell history files.
- CREDENTIALS_UNSAFE (HIGH): The skill accesses and manages sensitive configuration data in ~/.deepbook/config.json, which is a sensitive file path containing account and key information.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of the deepbook-cli package from the npm registry. This package is not from a verified or trusted organization listed in the security policy.
- COMMAND_EXECUTION (MEDIUM): The skill relies on executing shell commands via the deepbook binary to perform all actions, including high-stakes financial transactions and wallet management.
- PROMPT_INJECTION (LOW): The skill ingests untrusted data from blockchain providers (e.g., via deepbook pools and trades). This represents an indirect prompt injection surface where attacker-controlled data could influence agent behavior.
  1. Ingestion points: deepbook pools, deepbook trades, deepbook orderbook.
  2. Boundary markers: Absent.
  3. Capability inventory: Shell command execution, financial transactions, file-write to ~/.deepbook.
  4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata