phantom
Fail
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the author's own MCP server via
npx helius-mcp@latestand utilizes several official Solana and Phantom SDKs from NPM. - [COMMAND_EXECUTION]: Instructs users to configure the environment using CLI commands like
claude mcp add helius npx helius-mcp@latestandhelius signup. - [PROMPT_INJECTION]: Indirect Prompt Injection Surface (Category 8).
- Ingestion points: The skill processes untrusted data from the Solana blockchain, including NFT metadata and transaction descriptions, via Helius DAS and Enhanced Transactions APIs (referenced in
references/helius-das.mdandreferences/helius-enhanced-transactions.md). - Boundary markers: Absent. Code examples in
references/integration-patterns.mdrender external data directly without explicit boundary delimiters or warnings. - Capability inventory: The skill facilitates signing messages and submitting transactions to the blockchain via Helius Sender (
references/helius-sender.md). - Sanitization: Sanitization logic is not explicitly defined in the provided React and Node.js code snippets.
- [EXTERNAL_DOWNLOADS]: An automated scanner flagged
https://sandbox.phantom.devas a phishing URL. This is a legitimate developer resource provided by the Phantom wallet team and is likely a false positive. - [COMMAND_EXECUTION]: An AV scanner flagged
SKILL.mdwithHttpRequest-inf. This is likely a false positive caused by the extensive documentation of API endpoints and HTTP request examples provided for developer guidance.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata