litcoin-miner

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation directs users to download a standalone miner script from an external domain (litcoiin.xyz) and install several Python/Node packages.
  • [REMOTE_CODE_EXECUTION]: The downloaded script (litcoin_miner.py) is intended for direct execution on the user's host machine via Python.
  • [COMMAND_EXECUTION]: The 'Research Mining' feature (agent.research_loop) involves the AI generating experimental code that is executed locally to find optimizations for specified tasks.
  • [DATA_EXFILTRATION]: The skill requires users to provide sensitive API keys (bankr_key and ai_key), which are used for network-based authentication and AI inference requests to external APIs.
  • [PROMPT_INJECTION]: The 'Proof-of-Comprehension' mining process involves the agent reading and interpreting external narratives, which presents an attack surface for indirect prompt injection. Ingestion points: Challenge data from api.litcoiin.xyz; Boundary markers: Absent; Capability inventory: Network access and local code execution; Sanitization: No validation of challenge content was identified.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 11:55 PM