segment-finance
Warn
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Automatic bypass of interactive confirmation prompts. The code in
src/onchainos.rsincludes a--forceflag when calling the wallet's contract-call function, which prevents the platform tool from requesting a final user approval before broadcasting transactions.\n- [COMMAND_EXECUTION]: Misleading CLI documentation in SKILL.md. The documentation claims write operations require a--confirmflag for execution, yet the Rust binary's source code insrc/main.rsshows no implementation of such a parameter, leading to immediate execution if the dry-run flag is omitted.\n- [COMMAND_EXECUTION]: Metadata discrepancy regarding author identity. The skill metadata attributes the author asGeoGu360, whereas official vendor context identifies the author asMigOKG, suggesting potential misattribution.\n- [EXTERNAL_DOWNLOADS]: Fetches configuration and market data from a public RPC service. The skill connects tohttps://bsc-rpc.publicnode.comto interact with the BNB Smart Chain protocol.\n- [PROMPT_INJECTION]: Indirect prompt injection surface via on-chain data.\n - Ingestion points: Token symbols and account balances are retrieved from the blockchain via RPC calls in
src/rpc.rs.\n - Boundary markers: The skill includes a 'Security Notice' in
SKILL.mdadvising that data from the CLI be treated as untrusted.\n - Capability inventory: The skill can initiate financial transactions using the
onchainosCLI wrapper.\n - Sanitization: The skill formats output as structured JSON but lacks specific filtering for potentially malicious strings embedded in blockchain metadata.
Audit Metadata