0xwork
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires a 'PRIVATE_KEY' for a blockchain wallet to be provided as an environment variable and stored in a local '.env' file. Handling raw private keys is a high-risk operation, as exposure would lead to total loss of funds in the associated wallet.
- [EXTERNAL_DOWNLOADS]: The instructions require the installation of the '@0xwork/sdk' package from the NPM registry. While this is a vendor resource, it involves downloading and installing external executable code.
- [COMMAND_EXECUTION]: The skill makes extensive use of a CLI tool ('0xwork') for on-chain interactions. Furthermore, the 'references/execution-guide.md' explicitly instructs the agent to write and 'test' (execute) code based on task descriptions found on the marketplace. Executing code derived from untrusted external sources is a dangerous behavior that can lead to system compromise.
- [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection due to its interaction with a decentralized marketplace.
- Ingestion points: The agent processes external task descriptions via the '0xwork discover' and '0xwork task' commands as defined in 'SKILL.md'.
- Boundary markers: There are no boundary markers or instructions to treat the marketplace data as untrusted content.
- Capability inventory: The agent has access to 'exec', 'write', and networking capabilities through the '0xwork' CLI and standard agent tools mentioned in 'references/execution-guide.md'.
- Sanitization: No sanitization or validation of the task descriptions is performed before they are used to guide agent actions or code execution.
Recommendations
- AI detected serious security threats
Audit Metadata