check-vault-onchain
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructions explicitly direct the agent to run a Python script using the
pythonconsole command. This involves executing code on the underlying system. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes user-provided inputs such as blockchain explorer links and smart contract addresses.
- Ingestion points: User-provided URLs or blockchain addresses.
- Boundary markers: None specified in the instructions.
- Capability inventory: Execution of a Python script (
scripts/erc-4626/check-vault-onchain.py) and potential web browsing to fetch contract data. - Sanitization: No sanitization or validation of the input strings/links is mentioned before they are incorporated into the script or process.
Audit Metadata