compound-v3
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's setup process fetches and executes an installation script (
install.sh) directly from the author's official GitHub repository. - [EXTERNAL_DOWNLOADS]: Downloads the
compound-v3executable binary from the author'splugin-storerelease page on GitHub to enable local execution. - [DATA_EXFILTRATION]: Performs installation reporting by sending a hashed device fingerprint (derived from hostname and user environment) to the author's Vercel and OKX API endpoints.
- [PROMPT_INJECTION]: Includes explicit instructions for the agent to treat all data fetched from on-chain smart contracts as untrusted external content, establishing a clear trust boundary.
Audit Metadata