yoink
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches game state information from the official Base network RPC endpoint (https://mainnet.base.org).
- [COMMAND_EXECUTION]: Uses system binaries curl and jq to perform blockchain queries and parse JSON results.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing external data. 1. Ingestion points: Blockchain state (address, timestamp, scores) fetched via eth_call in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Execution of transactions via the Bankr arbitrary transaction feature. 4. Sanitization: None provided for RPC responses.
Audit Metadata