swap-approve
Fail
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation includes a command to install the Foundry toolkit via a shell-piped remote script:
curl -L https://foundry.paradigm.xyz | bash. This execution pattern bypasses local package management and executes remote code directly. - [CREDENTIALS_UNSAFE]: Instructions for wallet setup include storing encryption passwords in a local plaintext file (
~/.foundry/.password) and using private keys in shell environment variables or command-line arguments (--private-key $PRIVATE_KEY). This can expose sensitive secrets to other processes, users, or system logs. - [COMMAND_EXECUTION]: The skill operates by executing the
castcommand-line tool to perform blockchain state queries and transaction submissions. - [EXTERNAL_DOWNLOADS]: Fetches token metadata and contract addresses from external APIs including
token-api.kyberswap.comand CoinGecko, as well as various public blockchain RPC endpoints. - [PROMPT_INJECTION]: The skill processes untrusted data from external APIs and local reference files.
- Ingestion points:
token-api.kyberswap.com,api.coingecko.com, andtoken-registry.md. - Boundary markers: No explicit delimiters are used for API response data.
- Capability inventory: The skill can execute blockchain calls and transactions via
cast. - Sanitization: Includes validation for sender addresses using regex and zero-address checks.
Recommendations
- HIGH: Downloads and executes remote code from: https://foundry.paradigm.xyz - DO NOT USE without thorough review
Audit Metadata