pnp-markets
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill requires a PRIVATE_KEY for a blockchain wallet to be exported as an environment variable. This is a highly sensitive credential that, if exposed via logs or environment dumping, leads to a total loss of assets.
- [COMMAND_EXECUTION] (HIGH): The skill uses npx ts-node to execute local scripts (e.g., scripts/trade.ts). These scripts have full access to the user's environment, including the provided PRIVATE_KEY, and perform financial transactions.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The programmatic usage relies on the pnp-evm package. This package is not from a trusted source (as defined in the security framework) and its integrity cannot be verified in this context.
- [BEST_PRACTICE_VIOLATION] (MEDIUM): The documentation explicitly encourages the use of 'Infinite Approvals' (type(uint256).max). This is a dangerous DeFi pattern that allows the smart contract to move an unlimited amount of the user's tokens, creating a massive risk if the protocol's contracts are ever compromised.
- [INDIRECT_PROMPT_INJECTION] (LOW):
  - Ingestion points: Market questions and metadata are ingested via the --question flag or the createMarket function.
  - Boundary markers: None present; the question is a raw string.
  - Capability inventory: Executes blockchain transactions via wallet signature.
  - Sanitization: None mentioned. While the impact is largely limited to the transaction payload, an agent automatically creating markets based on untrusted summaries could be manipulated into creating fraudulent markets.
Recommendations
- AI detected serious security threats
Audit Metadata