skills/plurigrid/asi/wev-orderless/Gen Agent Trust Hub

wev-orderless

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • Data Exposure & Exfiltration (HIGH): The skill references specific local file paths for sensitive data extraction.
      • Evidence: Hardcoded URI file:///Users/alice/agent-o-rama/agent-o-rama/dev/secure_wallets.json in the 'See Also' section. Accessing wallet configuration files using absolute paths to a specific user directory is a significant privacy and security risk.
  • Indirect Prompt Injection (HIGH): The skill creates a dangerous attack surface by combining external data ingestion with transaction execution capabilities.
      • Ingestion points: Reads from bib.duckdb and external markdown files like WEV_SYNTHESIS.md and SKILL_ADJUNCTIONS.md.
      • Boundary markers: No delimiters or safety instructions are defined for processing the content of these external files.
      • Capability inventory: Possesses the capability to execute blockchain transactions via just wev-transfer and integration with aptos-agent.
      • Sanitization: No evidence of sanitization or validation for the 'knowledge differentials' or 'epistemic transfer' data processed by the agent.
  • Command Execution (MEDIUM): The skill relies on the just command runner to execute various operations (wev-scan, wev-transfer, aptos-world-balances). This abstracts the actual logic into an unexamined justfile, which could contain malicious shell commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 01:02 PM