cli-cast
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill generates and executes shell commands via the `cast` CLI to interact with EVM blockchains. This is the intended purpose but involves command interpolation.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) by interpolating user-provided contract data into shell commands.
  - Ingestion points: User-supplied addresses, function names, and calldata in SKILL.md.
  - Boundary markers: None implemented.
  - Capability inventory: Includes high-privilege transaction signing and broadcasting via `cast send` and `cast wallet sign`.
  - Sanitization: No input validation or shell escaping is performed on user parameters.
- [DATA_EXFILTRATION]: The skill directs blockchain requests to routeme.sh, an external RPC provider not on the trusted services list.
Audit Metadata