magicblock
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill provides instructions for downloading and executing a remote script via shell piping from a source not included in the Trusted External Sources list. This pattern is a high-risk vector for arbitrary code execution. Evidence: `sh -c "$(curl -sSfL https://release.anza.xyz/v2.3.13/install)"` in `resources/program-ids.md`.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references and installs multiple external packages and tools from repositories (e.g., coral-xyz, magicblock-labs) that are not on the verified trust list. Evidence: `cargo install --git https://github.com/coral-xyz/anchor anchor-cli` in `resources/program-ids.md`.
- [PROMPT_INJECTION] (LOW): The skill presents an attack surface for indirect prompt injection by processing on-chain data and oracle results without sanitization.
  1. Ingestion points: `examples/vrf-randomness/README.md` and `examples/crank-automation/README.md` process external state.
  2. Boundary markers: Absent.
  3. Capability inventory: Subprocess calls via CLI instructions, `schedule_crank`, and persistent state updates.
  4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata