metengine-data-agent
Fail
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to read the Solana private key file located at ~/.config/solana/id.json. Direct access to private keys on the filesystem constitutes a high-risk credential exposure finding.
- [COMMAND_EXECUTION]: Instructions in references/core-extended.md provide shell commands for establishing system persistence via a cron job (0 0 * * 0 curl ...) to periodically update the skill file from a remote vendor domain.
- [EXTERNAL_DOWNLOADS]: The skill fetches its own operational logic and documentation from external sources including metengine.xyz and GitHub.
- [REMOTE_CODE_EXECUTION]: The skill provides TypeScript code snippets for payment processing and API interaction that the agent executes within its local environment.
- [PROMPT_INJECTION]:
  - Ingestion points: Data is ingested from the MetEngine analytics API and remote markdown files.
  - Boundary markers: Not present; the agent is not instructed to use delimiters for external data.
  - Capability inventory: Includes filesystem access (for credentials and state), shell execution (for persistence), and network access (for payments).
  - Sanitization: No validation or sanitization procedures are defined for data retrieved from the analytics endpoints.
Recommendations
- AI detected serious security threats