blockrun
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the blockrun-llm Python package from an unverified community source, which introduces a supply chain risk for the agent environment.
- [DATA_EXFILTRATION]: The skill manages sensitive wallet session data stored in $HOME/.blockrun/.session and routes agent queries and potentially sensitive user data through a third-party proxy service to reach providers like OpenAI and xAI.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via its live X/Twitter search functionality. Ingestion points: real-time search results from X/Twitter (SKILL.md). Boundary markers: Absent. Capability inventory: Python code execution, local file system access, and network operations. Sanitization: Absent. Malicious instructions embedded in social media posts could be interpreted as authoritative by the agent.
- [COMMAND_EXECUTION]: The agent is instructed to execute Python code that utilizes an unverified third-party SDK to perform financial transactions and external API calls.
Audit Metadata