swap-simulate

Fail

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: HIGH
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow involves executing a shell command via cast call that interpolates multiple variables (sender, tx.to, tx.data, tx.value, tx.gas) derived from user-provided JSON input.
  • [COMMAND_EXECUTION]: There are no instructions or guardrails provided to ensure that the agent sanitizes these values before execution. An attacker could provide a malicious JSON object with fields containing shell metacharacters (e.g., ;, &, |, or backticks) to trigger arbitrary command execution on the host machine.
  • [DATA_EXFILTRATION]: If command injection is successful, an attacker could leverage the execution context to read and exfiltrate sensitive local files, such as .env files, SSH keys, or cloud provider credentials.
  • [COMMAND_EXECUTION]: Ingestion points: The skill processes data from the swap-build JSON output. Capability inventory: Uses cast call to interact with the shell. Boundary markers: No delimiters or ignore-instructions warnings are present. Sanitization: No validation or escaping of external content is specified before interpolation into the command line.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 6, 2026, 04:45 AM