dapp-morpho
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation instructs the agent to download and execute a shell script from a remote URL using the pattern `curl -sSL ... | sh`. This is a high-risk distribution method that allows for unverified code execution from the `purong-huang-1121/skills-store` repository.
- [CREDENTIALS_UNSAFE]: The skill documentation explicitly guides users to store their `EVM_PRIVATE_KEY` in a plaintext `.env` file. This practice exposes sensitive cryptographic credentials to any local process or user with access to the file system.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the Morpho protocol API.
  - Ingestion points: The `plugin-store morpho vault` command retrieves `metadata.description` and `metadata.forumLink` (SKILL.md).
  - Boundary markers: Absent; there are no instructions to the agent to treat this data as untrusted or to use delimiters.
  - Capability inventory: The skill can execute shell commands via `plugin-store` and `sh` (SKILL.md).
  - Sanitization: Absent; the instructions do not specify any validation, filtering, or escaping for the retrieved external text.
- [COMMAND_EXECUTION]: The skill relies on executing various shell commands including `which`, `cat`, `date`, and the custom `plugin-store` CLI to manage its operations and check for updates.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/purong-huang-1121/skills-store/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata