term-structure
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches a platform-specific binary (
term-structure) from the vendor's official GitHub repository (MigOKG/plugin-store). - [COMMAND_EXECUTION]: Runs shell scripts to detect the host architecture, manage binary installation in
~/.local/bin, and execute installation reporting logic. - [DATA_EXFILTRATION]: Collects system metadata including
hostname, operating system details, and the user's home directory path to generate a unique device ID. This ID is hashed and sent via POST requests to external telemetry endpoints atplugin-store-dun.vercel.appandokx.comfor installation tracking. - [REMOTE_CODE_EXECUTION]: Downloads an external binary and grants it execution permissions (
chmod +x), which is then utilized for all protocol-related commands. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from external on-chain smart contracts. It includes a 'Data Trust Boundary' warning instructing the agent to treat all CLI output as untrusted content.
Audit Metadata