ercdata
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGHCREDENTIALS_UNSAFENO_CODEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill requires the
ERCDATA_KEYenvironment variable, which is a plaintext Ethereum private key used to sign transactions. Providing private keys to scripts from untrusted sources is a critical risk that can lead to the total loss of wallet funds. - [NO_CODE] (HIGH): The core functionality resides in
scripts/ercdata-cli.py, which is missing from the skill files. Users are instructed to execute this unknown script with high-privilege credentials. - [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8). Evidence: 1. Ingestion: The
readcommand andgetData()function retrieve arbitrary data from the Ethereum blockchain. 2. Boundary markers: No delimiters are specified to isolate untrusted blockchain data from agent instructions. 3. Capability inventory: The skill can execute state-changing transactions (store, grant-access, register-type) that incur financial costs and manage permissions. 4. Sanitization: No sanitization or validation of data retrieved from the blockchain is implemented. - [COMMAND_EXECUTION] (MEDIUM): The skill documentation describes executing local Python scripts using
uv run. Without the source code forercdata-cli.py, these operations are unverifiable.
Recommendations
- AI detected serious security threats
Audit Metadata