Skills
skills/vechain/vechain-ai-skills/create-vechain-dapp/Gen Agent Trust Hub

create-vechain-dapp

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: A hardcoded mnemonic is present in the hardhat.config.ts template for the vechain_solo network. Evidence: mnemonic: "denial kitchen pet squirrel other broom bar gas better priority spoil cross".
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to suggest shell commands such as yarn install and git init to the user.
  • [EXTERNAL_DOWNLOADS]: The scaffolded project depends on multiple external packages from the npm registry, including @vechain/vechain-kit and hardhat.
  • [PROMPT_INJECTION]: User-provided project and directory names are interpolated into shell command templates in SKILL.md without validation, creating a surface for indirect prompt injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 12, 2026, 07:38 PM