onchain

Warn

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the global installation of the NPM package @cyberdrk/onchain. This package is a third-party dependency not hosted by a recognized trusted organization or the skill author's own organization.
  • [CREDENTIALS_UNSAFE]: The skill is designed to manage and store sensitive API keys for major exchanges (Coinbase, Binance) and blockchain providers (DeBank, Helius). The inclusion of the onchain config command, which allows viewing current settings, presents a risk of exposing these plaintext credentials to the agent's context.
  • [COMMAND_EXECUTION]: The skill relies on executing the onchain CLI tool through shell commands to perform all its functions, including configuration and data retrieval.
  • [DATA_EXFILTRATION]: The skill provides tools to aggregate and retrieve private financial information, such as CEX balances and full on-chain portfolios. An agent could potentially be instructed to exfiltrate this retrieved data to an external endpoint.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8):
      • Ingestion points: Data is ingested from untrusted external sources via onchain history, onchain tx <explorer-url>, and onchain polymarket search.
      • Boundary markers: There are no delimiters or instructions provided to the agent to distinguish between the CLI's administrative output and the potentially malicious content fetched from the blockchain or external APIs.
      • Capability inventory: The skill has the capability to execute shell commands (onchain ...).
      • Sanitization: No evidence of sanitization or validation of the data retrieved from external transaction lookups or prediction markets is present.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 3, 2026, 07:38 PM