rwa-portfolio
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads an installation script for the rwa CLI tool from the author's official GitHub repository.
- [REMOTE_CODE_EXECUTION]: Instructs the user to install the rwa tool by executing a remote shell script via pipe (curl | bash).
- [COMMAND_EXECUTION]: Uses the rwa command-line tool to perform blockchain queries for portfolio holdings and market history.
- [DATA_EXFILTRATION]: Retrieves information from cryptocurrency wallets, which includes sensitive financial data such as balances and positions.
- [PROMPT_INJECTION]: The skill ingests external data from the Solana blockchain, presenting a surface for indirect prompt injection. Ingestion points: Portfolio and history data from the rwa CLI (SKILL.md). Boundary markers: The CLI output is formatted as JSON. Capability inventory: Shell command execution via the rwa tool (SKILL.md). Sanitization: Relies on structured JSON parsing of external data.
Audit Metadata