monad-development
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The skill explicitly instructs the agent to persist generated wallet private keys to local files such as `~/.monad-wallet` or `.env`. This practice facilitates the exposure of sensitive credentials to other processes, subsequent agent sessions, or potential exfiltration if the filesystem is compromised.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill directs the agent to fetch instructions from an external URL (`https://docs.monad.xyz/llms.txt`). This allows external, unverified content to influence agent behavior at runtime, effectively acting as an unverifiable dependency for instructions.
- DATA_EXFILTRATION (LOW): The skill utilizes `curl` to interact with `https://agents.devnads.com`, a domain not present in the trusted or whitelisted sources list. While intended for faucet and verification services, it creates a potential channel for data transmission to a non-validated endpoint.
- COMMAND_EXECUTION (LOW): The skill relies on shell execution for core tasks using `forge`, `cast`, and `curl`. While these are legitimate tools for blockchain development, their use on external or dynamically generated data increases the risk profile.
- Indirect Prompt Injection (LOW): The skill is vulnerable to tool output poisoning due to its reliance on external documentation for decision-making.
  - Ingestion points: File `SKILL.md` (via instructions to fetch `https://docs.monad.xyz/llms.txt`).
  - Boundary markers: Absent; no instructions provided to the agent to treat external content as untrusted.
  - Capability inventory: Extensive subprocess calls (`forge`, `cast`, `curl`) and file-writing capabilities (`~/.monad-wallet`).
  - Sanitization: Absent; the agent is not instructed to validate or sanitize the content fetched from external documentation.
Recommendations
- AI detected serious security threats