solana
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected in the processing of external blockchain data. \n
- Ingestion points: The skill fetches raw account data and transaction signatures from external Solana RPC endpoints as described in
SKILL.mdand implemented indecode_account.py. \n - Boundary markers: Absent; there are no instructions provided to the agent to distinguish its operational instructions from the potentially untrusted data retrieved from the blockchain. \n
- Capability inventory: The skill uses
curlfor network requests andjqandpython3for data parsing and execution. \n - Sanitization: Absent; the blockchain data is processed and displayed without sanitization, which could allow maliciously crafted account data to influence the agent's behavior if it interprets the output as instructions. \n- [COMMAND_EXECUTION]: The skill relies on local shell commands and script execution to perform blockchain queries. \n
- Evidence: Employs
curlto make POST requests to RPC endpoints andjqfor parsing JSON responses. \n - Evidence: Executes a local Python script,
decode_account.py, to parse binary data and print it to the console.
Audit Metadata