four-meme
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill workflow involves fetching and parsing data from the four.meme website and the BSC blockchain, which creates a potential surface for indirect prompt injection attacks where untrusted content could influence agent behavior.\n
- Ingestion points: Data is retrieved from the external URL https://four.meme and via on-chain read_contract queries.\n
- Boundary markers: There are no specified delimiters or instructions to ignore or isolate embedded commands in the fetched data.\n
- Capability inventory: The skill utilizes web fetching and blockchain data retrieval tools.\n
- Sanitization: No sanitization or validation logic is defined for the externally sourced token information.\n- [DATA_EXFILTRATION]: The skill performs network operations (web fetching) to the domain four.meme, which is not included in the whitelist of trusted or well-known services.
Audit Metadata