contract-decode
Fail
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute
castandcurlcommands. It directs the agent to interpolate user-provided data, such as function selectors, contract addresses, and revert hex strings, directly into shell commands (e.g.,timeout 5 cast 4byte <selector>). There are no instructions to sanitize or validate these inputs before execution, creating a risk for arbitrary command injection if a user provides malicious input. - [EXTERNAL_DOWNLOADS]: The skill fetches contract ABIs and function signatures from external services including Sourcify, Etherscan, and 4byte.directory. These are well-known services in the Ethereum development ecosystem.
- [CREDENTIALS_UNSAFE]: The documentation for the Etherscan API query suggests using an API key directly within a
curlURL (apikey={key}). This practice can expose the sensitive key in command history, environment variables, or network logs depending on the execution environment's configuration. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from users and uses it to drive shell-based tool operations.
- Ingestion points: User-provided hex strings (revert data, calldata) and contract addresses extracted from chat history.
- Boundary markers: Absent; the skill does not define delimiters for the external data.
- Capability inventory: Extensive use of the Bash tool for network requests (
curl) and local binary execution (cast). - Sanitization: Absent; the workflow does not include steps to escape or validate user-pasted hex strings before they are used in command-line arguments.
Recommendations
- AI detected serious security threats
Audit Metadata