spoonos-application-templates
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface in the DAO Assistant template (scripts/dao_assistant.py). It fetches proposal data from the Snapshot GraphQL API and includes it in the LLM context without sanitization or boundary markers. This could allow malicious proposal text to influence agent actions.
  - Ingestion points: Data fetched from Snapshot GraphQL in scripts/dao_assistant.py.
  - Boundary markers: Absent in the tool output.
  - Capability inventory: Includes voting and delegation management.
  - Sanitization: No explicit validation of external proposal content is performed.
- [COMMAND_EXECUTION]: The Research Agent template utilizes npx to dynamically run the tavily-mcp tool. This involves executing external code at runtime.
- [REMOTE_CODE_EXECUTION]: Through the use of npx -y, the skill facilitates the downloading and execution of the tavily-mcp package. Tavily is a well-known service providing research capabilities.