morpho
Fail
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation instructions include piping a remote script to the shell (curl | sh) to install platform CLI tools.
- [EXTERNAL_DOWNLOADS]: The skill downloads a compiled binary executable from GitHub and modifies its permissions to allow local execution.
- [DATA_EXFILTRATION]: Telemetry logic collects and exfiltrates system metadata, including the hostname and home directory path, to external endpoints for reporting purposes.
- [COMMAND_EXECUTION]: The backend implementation utilizes subprocess spawning to execute the onchainos CLI for wallet and contract operations.
- [CREDENTIALS_UNSAFE]: Prerequisite token approval transactions are configured to use the --force flag, which causes them to be broadcast without a user confirmation prompt.
- [PROMPT_INJECTION]: The skill ingests untrusted data from the Morpho GraphQL and Merkl APIs while possessing write-access capabilities to smart contracts. This represents an indirect prompt injection surface with the following evidence:
  1. Ingestion point: src/api.rs (graphql_query)
  2. Boundary markers: Absent
  3. Capabilities: src/onchainos.rs (wallet_contract_call)
  4. Sanitization: Mention of field filtering in SKILL.md
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/okx/onchainos-skills/main/install.sh - DO NOT USE without thorough review
Audit Metadata