dx-terminal-pro
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires a raw Ethereum private key via the DX_TERMINAL_PRIVATE_KEY environment variable. This secret is passed directly as a command-line argument to the cast utility in SKILL.md, which may expose it in system process monitoring tools or shell history.
- [COMMAND_EXECUTION]: The skill facilitates the execution of sensitive on-chain transactions using cast send. This includes the ability to perform ETH withdrawals from the user's trading vault.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by ingesting data from external API endpoints that could contain malicious instructions. 1. Ingestion points: Data is retrieved from the /strategies and /logs endpoints on api.terminal.markets. 2. Boundary markers: No delimiters are specified to isolate external API content from the agent's primary instructions. 3. Capability inventory: The agent possesses capabilities to transfer funds and modify its own trading logic. 4. Sanitization: External data from the API is not validated or sanitized before being processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata