meme-trench-scanner
Fail
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The local dashboard UI (
assets/dashboard.html) exhibits an indirect prompt injection surface. Ingestion points: Token symbols, names, and transaction messages retrieved from the blockchain via onchainos. Boundary markers: Absent; external data is rendered directly into the UI. Capability inventory: Transaction signing and execution via onchainos CLI. Sanitization: None; the dashboard usesinnerHTMLto render token metadata, allowing a maliciously named token to potentially execute arbitrary JavaScript (XSS) in the user's browser. - [COMMAND_EXECUTION]: The script
scan_live.pyutilizessubprocess.runwithshell=Trueto clear the dashboard port during startup. While this is limited to a local environment management task, using the shell to execute concatenated strings is a security anti-pattern. - [EXTERNAL_DOWNLOADS]: The bot relies on the onchainos CLI, which is an external dependency downloaded from
onchainos.com. The skill provides the installation command (curl | bash) to the user via documentation and console output. While this is a common installation method for developers, it involves executing unverified remote scripts.
Recommendations
- HIGH: Downloads and executes remote code from: https://onchainos.com/install.sh - DO NOT USE without thorough review
Audit Metadata