shipmytoken
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The skill documentation (CHANGELOG.md) explicitly states it performs 'Secure wallet creation and backup' with data stored in
~/.shipmytoken/. Managing and storing raw private keys on the filesystem is a high-risk activity for AI agents. - COMMAND_EXECUTION (HIGH): The skill configures system-level persistence using
cronfor daily recaps and executes external CLI tools likesolana-keygenfor vanity address generation. - PROMPT_INJECTION (LOW): The skill ingests untrusted data such as token names, symbols, and metadata. This presents a surface for indirect prompt injection if the agent interpolates this data into its own reasoning or prompts without sanitization.
Recommendations
- AI detected serious security threats
Audit Metadata