DECK-0

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill instructs the agent to download and execute a script directly from a third-party URL using a piped shell command.
      • Evidence: curl -L https://foundry.paradigm.xyz | bash in SKILL.md and README.md.
      • Impact: This allows arbitrary code execution from a source outside of the trusted domain list, bypassing verification.
  • [CREDENTIALS_UNSAFE] (HIGH): The skill design relies on the user providing a raw Ethereum private key via environment variables.
      • Evidence: export DECK0_PRIVATE_KEY="0x..." mentioned as a fallback in README.md, SKILL.md, and auth.md.
      • Impact: Storing raw private keys in environment variables is a high-risk practice as they can be exposed through process listings, logs, or other vulnerabilities.
  • [COMMAND_EXECUTION] (HIGH): The skill heavily utilizes shell commands for critical operations including signing and transaction submission.
      • Evidence: Shell scripts in auth.md and smart-contracts.md invoke cast wallet sign, cast send, openssl, and shasum.
      • Impact: If inputs to these commands (like contract addresses or data payloads) are manipulated, it could lead to command injection or unintended blockchain transactions.
  • [PROMPT_INJECTION] (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) which can result in financial loss.
      • Ingestion points: External API responses from https://app.deck-0.com (e.g., collection metadata, price quotes).
      • Boundary markers: Absent. The skill does not define delimiters to separate untrusted API data from instructions.
      • Capability inventory: The agent has the ability to sign payloads (cast wallet sign) and execute on-chain transactions (cast send) using the user's wallet.
      • Sanitization: Absent. No evidence of input validation or escaping for data retrieved from the API before it is used in logic or displayed.
      • Impact: An attacker who compromises the API or hosts a malicious collection could inject instructions into the API response to trick the agent into signing a malicious transaction or sending funds to an attacker-controlled address.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://foundry.paradigm.xyz - DO NOT USE
  • AI detected serious security threats
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 12:33 AM