portfolio
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill executes remote code from the npm registry using
npx starkfi@latest. The use of the@latesttag prevents version pinning, which means the skill always executes the most recent version of the package, introducing a supply chain risk if the package were to be compromised. - [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to execute shell commands for aggregating DeFi positions and performing automated batch swap transactions on the Starknet network. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection due to its handling of untrusted external data. Ingestion points: The
portfoliocommand retrieves token names, symbols, and metadata for staking and lending positions directly from the Starknet blockchain. Boundary markers: There are no delimiters or instructions provided to the agent to distinguish this external data from its primary instructions. Capability inventory: The skill possessesBashcapabilities to move assets and execute transactions. Sanitization: No sanitization or validation of the retrieved blockchain data is specified before it enters the agent's context.
Audit Metadata