web3-dao-tooling
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its interaction with untrusted external content.\n
- Ingestion points: The agent fetches titles, bodies, and descriptions of governance proposals from the Snapshot GraphQL API and Tally API (scripts/snapshot_monitor.py, scripts/tally_monitor.py).\n
- Boundary markers: There are no explicit delimiters or system instructions used to separate fetched proposal data from the agent's core instructions, making it possible for the model to follow commands embedded in the proposals.\n
- Capability inventory: The skill has high-impact capabilities, including casting on-chain and off-chain votes and managing token delegations using a private key (scripts/governor_vote.py, scripts/snapshot_vote.py, and SKILL.md).\n
- Sanitization: External proposal data is processed directly as natural language without sanitization or safety checks.
Audit Metadata