t2000-save
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation and initialization of the @t2000/cli package from the NPM registry via npx.
- [COMMAND_EXECUTION]: The skill operates by executing shell commands using the t2000 CLI tool, which is a common pattern for blockchain interaction skills.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it accepts user-provided parameters that are directly used in shell commands without specified sanitization.
  - Ingestion points: The amount, asset, and protocol arguments in SKILL.md are entry points for untrusted data.
  - Boundary markers: There are no boundary markers or delimiters defined to separate user input from the command structure.
  - Capability inventory: The skill has the capability to execute shell commands via the t2000 CLI.
  - Sanitization: No input validation, escaping, or filtering mechanisms are documented for the external parameters.