Skills
skills/restorenode/hackathon-skills/initia-appchain-dev/Gen Agent Trust Hub

initia-appchain-dev

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The script scripts/install-tools.sh invokes sudo apt-get install -y jq to install system dependencies. While part of a setup process, automated use of sudo is a high-privilege operation that can be risky if the script is compromised.
  • EXTERNAL_DOWNLOADS (MEDIUM): Multiple scripts download and execute content from external sources not included in the Trusted GitHub Organizations list:
  • scripts/install-tools.sh downloads the weave and initiad binaries from github.com/initia-labs and installs them into the user's path.
  • scripts/scaffold-contract.sh performs a git clone from github.com/initia-labs/movevm.git.
  • scripts/scaffold-frontend.sh executes npm install for numerous packages including vite, wagmi, and @initia libraries.
  • PROMPT_INJECTION (LOW): The scripts scripts/check-provider-setup.sh and scripts/verify-appchain.sh process data from external files and network RPC responses, which are surfaces for Indirect Prompt Injection.
  • Ingestion points: User-provided React source files in check-provider-setup.sh; blockchain RPC status responses in verify-appchain.sh.
  • Boundary markers: Absent; the scripts do not use delimiters to isolate processed data from the agent's internal reasoning context.
  • Capability inventory: The skill possesses the capability to execute shell commands, perform file system writes, and conduct network operations via the weave and minitiad binaries.
  • Sanitization: No sanitization or validation of the ingested content is performed beyond basic regex matching for verification purposes.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 19, 2026, 04:59 PM