Skills
skills/near/agent-skills/near-dapp/Gen Agent Trust Hub

near-dapp

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the installation of third-party packages including near-connect-hooks, @hot-labs/near-connect, and near-api-js which are not from trusted organizations. It also references external code via esm.sh in references/near-connect.md.
  • REMOTE_CODE_EXECUTION (MEDIUM): The use of npx create-near-app@latest in SKILL.md and references/create-near-app.md downloads and executes remote code directly in the shell. While intended for scaffolding, it bypasses static verification of the executed logic.
  • COMMAND_EXECUTION (LOW): The skill relies on shell commands for environment setup and package management (npm install, npx).
  • INDIRECT_PROMPT_INJECTION (LOW):
  • Ingestion points: Blockchain data retrieved via viewFunction (e.g., guestbook messages in references/near-connect-hooks.md).
  • Boundary markers: Absent; the skill does not implement delimiters to isolate untrusted contract data from agent instructions.
  • Capability inventory: The skill provides access to transfer, callFunction, addFunctionCallKey, and deleteKey which are sensitive account operations.
  • Sanitization: Relies on default framework-level UI escaping (React) but lacks instruction-level sanitization for the LLM context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 03:34 PM