token-authority-and-risk
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes the 'spl-token' CLI to perform actions like 'spl-token authorize'. This provides the agent with the capability to modify token ownership and permissions on the blockchain.- [PROMPT_INJECTION] (HIGH): Specifically Category 8 (Indirect Prompt Injection). The skill ingests untrusted data from blockchain explorers and CLI command outputs ('spl-token account-info'). Since this external data is used to decide whether to execute state-changing commands ('spl-token authorize') and there are no boundary markers or sanitization steps defined, the agent is vulnerable to malicious on-chain data designed to hijack the governance workflow.
Recommendations
- AI detected serious security threats
Audit Metadata