metaplex
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the official Metaplex CLI (
@metaplex-foundation/cli) via the NPM registry and provides commands to download project templates for programs and websites. These operations are conducted through the author's official channels and represent expected developer utility functions. - [COMMAND_EXECUTION]: The skill documents the use of the
mplx toolbox rawcommand, which allows for the execution of arbitrary base64-encoded instructions. This is an advanced feature intended for power users to interact with custom or unsupported on-chain programs and is documented neutrally as a developer tool. - [DATA_EXPOSURE]: The instructions guide users on configuring the CLI with local Solana keypairs, frequently located at standard paths such as
~/.config/solana/id.json. These files are necessary for the legitimate operation of signing blockchain transactions and are not exfiltrated or accessed in an unauthorized manner. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes user-supplied metadata (e.g., NFT names, descriptions, and service endpoints) which are eventually stored on-chain.
- Ingestion points: Metadata fields in
cli-core.md,cli-genesis.md, andsdk-agent.md. - Boundary markers: Absent in the documentation examples.
- Capability inventory: Blockchain transaction submission, file uploads to Irys, and execution of raw instructions.
- Sanitization: Relies on the user and the underlying Metaplex on-chain programs.
Audit Metadata