add-vault-note
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill performs dynamic code generation by instructing the agent to modify the file eth_defi/vault/flag.py. It requires creating new Python constants and updating the VAULT_FLAGS_AND_NOTES dictionary entries based on user-controlled input (Message and Vault address). Writing user-controlled strings directly into executable source files is a high-risk pattern.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because user-provided strings are directly inserted into Python source code without sanitization.
  - Ingestion points: User-provided 'Message', 'Vault address', and 'Flags' parameters defined in SKILL.md.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present to prevent user input from breaking out of the string literal context.
  - Capability inventory: The agent has the capability to write to the filesystem (eth_defi/vault/flag.py), execute the ruff formatter, and open pull requests to commit these changes.
  - Sanitization: There are no instructions to escape, validate, or filter the user-provided message before it is interpolated into the Python code.
- [EXTERNAL_DOWNLOADS]: The skill references a JSON metadata file from https://top-defi-vaults.tradingstrategy.ai/top_vaults_by_chain.json. This is a vendor-owned resource used for legitimate data retrieval.
Audit Metadata