web3-btt
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the agent to run 'cargo install bulloak' if the tool is missing. This source ('alexfertel/bulloak') is not on the trusted repository list, introducing a potential supply chain risk.
- COMMAND_EXECUTION (LOW): The skill relies on executing 'bulloak' and 'just' commands in the shell. While expected for its purpose, these commands provide the agent with active file-writing and execution capabilities.
- Indirect Prompt Injection (HIGH): This skill has a high-risk surface for indirect injection.
  1. Ingestion points: The skill reads untrusted '.tree' files as the primary source for code generation (e.g., 'bulloak scaffold <path/to/file.tree>').
  2. Boundary markers: Absent; no instructions are provided to the agent to validate or treat these external inputs as untrusted content.
  3. Capability inventory: The skill has full capability to write new Solidity files ('.t.sol') to the filesystem and execute binary commands.
  4. Sanitization: Absent; content from the '.tree' files is directly used to scaffold the structure and logic of the generated test contracts, meaning a malicious tree file could inject arbitrary Solidity code or exploit the parser.
Recommendations
- AI detected serious security threats