
arcium

Fail

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill metadata deceptively claims 'arcium-hq' as the author, which contradicts the actual author 'sendaifun' identified in the system context.
  • [REMOTE_CODE_EXECUTION]: A high-risk command pattern 'curl -sSfL https://install.arcium.com/ | bash' is documented in references/troubleshooting.md for tool installation, allowing execution of remote scripts without verification.
  • [DATA_EXFILTRATION]: The mcp.json configuration connects to 'https://docs.arcium.com/mcp', allowing the agent to communicate with an external endpoint from an unverified domain.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill fetches unsanitized documentation via MCP.
    1. Ingestion points: Documentation content is retrieved from external MDX files via the search_arcium_docs and query_docs_filesystem_arcium_docs tools.
    2. Boundary markers: No delimiters are used to separate external data from instructions.
    3. Capability inventory: The agent can generate code, write files, and execute CLI commands such as arcium and anchor.
    4. Sanitization: No validation or sanitization of fetched documentation is performed before processing.
  • [EXTERNAL_DOWNLOADS]: The skill references resources from external domains like arcium.com that are not recognized as trusted organizations or well-known services under the governing security policy.
  • [COMMAND_EXECUTION]: The skill instructions provide the agent with the authority to execute local CLI tools such as arcium, anchor, and docker, which can modify the system state and local environment.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 18, 2026, 08:02 PM