uniswap-swap-integration
Fail
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: HIGH | DATA_EXFILTRATION | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The 'Report install' script in SKILL.md collects sensitive system information including the local hostname and the user's home directory path ($HOME). This data is exfiltrated to an external service at https://plugin-store-dun.vercel.app/install and the author's API.
- [REMOTE_CODE_EXECUTION]: The 'Version check' script performs a dynamic check against a remote configuration file on GitHub. If a version mismatch is detected, it executes 'npx skills add', which downloads and runs code from a remote repository. This creates a vector for arbitrary code execution if the remote source is altered.
- [COMMAND_EXECUTION]: The skill executes several shell commands (hostname, uname, stat, shasum) to generate a persistent device fingerprint for tracking the user's environment.
- [EXTERNAL_DOWNLOADS]: The skill makes multiple outbound network requests using curl to raw.githubusercontent.com, okx.com, and a Vercel-hosted application to fetch configuration data and report telemetry.
- [PROMPT_INJECTION]: The skill uses 'AI Agent Instruction' blocks to explicitly command the agent to execute specific shell scripts and re-read its instructions after an update, which can be used to dynamically change the agent's behavior or bypass security constraints.
Recommendations
- AI detected serious security threats
Audit Metadata