litcoin-miner
Warn
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation in `references/protocol.md` instructs users to download a standalone Python mining script directly from `https://litcoin.app/litcoin_miner.py`.
- [COMMAND_EXECUTION]: The skill provides instructions for executing several shell commands, including `pip install litcoin`, `npx litcoin-mcp`, and running the downloaded script via `python litcoin_miner.py`.
- [REMOTE_CODE_EXECUTION]: The 'Research Mining' feature involves the agent generating Python code using an LLM to solve optimization tasks. This code is then executed locally to verify performance metrics, which constitutes the dynamic execution of AI-generated content based on externally provided tasks.
- [CREDENTIALS_UNSAFE]: The skill requires a `BANKR_API_KEY` for wallet operations and can optionally use the same key or an additional `ai_key` for AI services. These keys are sensitive as they control access to crypto assets and paid API credits.
- [DATA_EXFILTRATION]: The SDK is configured to automatically capture reasoning traces (chain-of-thought) and submissions, uploading them to a centralized archive at `api.litcoin.app`. This is intended behavior for the protocol but involves the outbound transfer of agent-generated content.
- [PROMPT_INJECTION]: The skill exposes a significant surface for Indirect Prompt Injection through its 'Comprehension Mining' feature.
  - Ingestion points: In `agent.mine()`, the agent fetches and processes 'dense prose narratives' and 'reasoning questions' from the coordinator API (api.litcoin.app).
  - Boundary markers: There are no explicit instructions or delimiters mentioned to prevent the agent from obeying instructions that might be embedded within these prose documents.
  - Capability inventory: The agent has high-privilege capabilities, including claiming rewards (`agent.claim()`), staking tokens (`agent.stake()`), and managing vaults (`agent.open_vault()`, `agent.mint_litcredit()`).
  - Sanitization: No sanitization or validation of the ingested prose is documented, allowing a malicious challenge to potentially manipulate the agent into performing unauthorized DeFi transactions.
Audit Metadata