web3-security-analysis
Fail
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill attempts to load and utilize a highly sensitive 'PRIVATE_KEY' from environment variables for signing transactions.
- Evidence in
scripts/flashbots_protect.py:self.account = Account.from_key(os.getenv("PRIVATE_KEY")). - Evidence in
SKILL.md: The environment variables section explicitly guides users to provide aPRIVATE_KEYandTENDERLY_API_KEY. - [DATA_EXFILTRATION]: The skill transmits sensitive data, including wallet addresses and transaction calldata, to multiple external third-party services.
- Evidence in
scripts/tenderly_simulate.py: Sends theWALLET_ADDRESSand transactioninput(calldata) tohttps://api.tenderly.co/api/v1. - Evidence in
scripts/honeypot_check.py: Sendstoken_addresstohttps://api.honeypot.is/v2/IsHoneypot. - [COMMAND_EXECUTION]: The skill performs state-changing blockchain operations, specifically signing and broadcasting raw transactions to Ethereum RPC endpoints.
- Evidence in
scripts/flashbots_protect.py:self.w3.eth.send_raw_transaction(signed.raw_transaction). - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted transaction data and contract addresses which are then used in sensitive transaction signing operations.
- Ingestion points:
token_addressinTokenSecurityTool,dataandtoinTransactionSimulatorToolfromscripts/tenderly_simulate.py. - Boundary markers: No delimiters or warnings identified in the provided script logic or prompt snippets to ignore embedded instructions in the hex data or metadata.
- Capability inventory: Transaction signing and network requests across all included Python scripts.
- Sanitization: No sanitization or validation of the input calldata or target addresses is performed before processing.
Recommendations
- AI detected serious security threats
Audit Metadata