transact
Warn
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill workflow involves handling highly sensitive information such as raw account seeds and passphrases. Specifically, it instructs the agent to use tools like
mcp__convex-testnet__transactwith a raw seed if a signing service is unavailable. Passing such credentials as tool arguments can result in sensitive data being logged in cleartext or stored in the agent's conversation history. - [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary CVM (Convex Virtual Machine) code provided via the
$ARGUMENTSparameter. While this is the intended functionality for blockchain interaction, it constitutes dynamic execution of user-supplied logic. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input from
$ARGUMENTSas executable source code without technical sanitization or boundary markers. - Ingestion points: User-supplied input via the
$ARGUMENTSvariable inSKILL.mdis interpolated directly into transaction tools. - Boundary markers: No technical boundary markers (e.g., XML tags or delimiters) are defined to separate the transaction code from other instructions, though the skill mandates manual user confirmation.
- Capability inventory: The skill uses
mcp__convex-testnet__signingTransact,mcp__convex-testnet__transact, andmcp__convex-testnet__prepareto execute code on the Convex network. - Sanitization: No automatic validation or escaping of the CVM source code is performed before execution.
Audit Metadata