t2000-sentinel
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the use of the
@t2000/clipackage, which is downloaded and executed from the npm registry. This package does not originate from a known trusted organization or a well-known service. - Evidence: Metadata requires
t2000 CLI (npx @t2000/cli init)inSKILL.md. - [REMOTE_CODE_EXECUTION]: The use of
npxto initialize thet2000CLI tool facilitates the direct execution of remote code from the npm registry during the setup process. - Evidence:
requires: t2000 CLI (npx @t2000/cli init)inSKILL.md. - [COMMAND_EXECUTION]: The skill makes extensive use of CLI commands to interact with the Sui blockchain, manage wallet balances, and execute attacks, which involves network communication and financial asset management.
- Evidence: Commands such as
t2000 balance,t2000 swap, andt2000 sentinel attackare used throughoutSKILL.md. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes untrusted output from external AI "sentinels" that could contain malicious instructions.
- Ingestion points: Data enters the agent context through the outputs of
t2000 sentinel list,t2000 sentinel info, andt2000 sentinel attackinSKILL.md. - Boundary markers: No delimiters or explicit instructions to ignore embedded content are present in the command flows.
- Capability inventory: The skill has the capability to execute shell commands and perform financial transactions (swaps and transfers) via the CLI in
SKILL.md. - Sanitization: There is no evidence of validation or sanitization of the content returned from external sentinel responses.
Audit Metadata