metengine-data-agent

Fail

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill contains instructions for the agent to download and overwrite its own local instruction file (~/.claude/agents/metengine-data-agent.md) from a remote URL (https://www.metengine.xyz/skill.md), enabling remote behavior modification.
  • [DATA_EXFILTRATION]: The skill explicitly instructs the agent to read sensitive filesystem paths, specifically the Solana keypair at ~/.config/solana/id.json. This exposes high-value credentials to potential misuse or exfiltration.
  • [COMMAND_EXECUTION]: The skill implements multiple shell commands for maintenance, including curl for downloading remote content and bun add for installing external Node.js dependencies.
  • [COMMAND_EXECUTION]: The skill attempts to establish persistence by recommending a cron job that executes remote downloads on a weekly schedule.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its ingestion of data from 63 external API endpoints.
      1. Ingestion points: 63 financial data endpoints (e.g., /api/v1/markets/intelligence).
      2. Boundary markers: Absent for ingested market data.
      3. Capability inventory: Filesystem access (id.json), network requests, and shell execution (curl).
      4. Sanitization: Absent.
  • [EXTERNAL_DOWNLOADS]: Fetches executable-equivalent instructions and configuration data from the metengine.xyz domain without integrity verification.
Recommendations
  • HIGH: Downloads and executes remote code from: https://www.metengine.xyz/skill.md - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 24, 2026, 05:21 PM