platon-cli
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation and metadata specify an installation command that downloads and executes a shell script directly from a remote source (
curl -L https://foundry.paradigm.xyz | bash). This pattern allows for arbitrary code execution on the user's system. Evidence: Metadata inSKILL.mdand Setup section instructions. - [COMMAND_EXECUTION]: The skill facilitates the execution of various shell commands via the
castutility. This capability is the primary function of the skill but presents a broad attack surface if inputs are not strictly controlled. Evidence: Multiple command templates inSKILL.md. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by ingesting data from external, untrusted sources (PlatON blockchain RPC). Evidence Chain: 1. Ingestion points: Data returned from
castcalls to PlatON RPC endpoints (openapi2.platon.network) inSKILL.md. 2. Boundary markers: Absent in the command templates. 3. Capability inventory: Execution of shell commands (cast) and network requests. 4. Sanitization: No evidence of validation or sanitization of chain data before it is incorporated into the agent's context.
Recommendations
- HIGH: Downloads and executes remote code from: https://foundry.paradigm.xyz - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata