gator-cli
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages Ethereum private keys and explicitly documents that they are stored in plaintext JSON format at `~/.gator-cli/permissions.json`. It also provides instructions for configuring sensitive credentials like API keys and IDs for delegation storage.
- [COMMAND_EXECUTION]: The skill uses the `gator` CLI to perform high-privilege blockchain operations, including wallet initialization (`init`), upgrading accounts to smart accounts (`create`), and executing transactions on-chain (`redeem`, `revoke`).
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `@metamask/gator-cli` package from the official NPM registry to function.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing external data, such as Solidity function signatures and raw call data, which are then signed and executed as transactions.
  - Ingestion points: Command line arguments for parameters like `--function`, `--selectors`, `--args`, and `--callData` in `SKILL.md`.
  - Boundary markers: None provided in the skill instructions to separate untrusted data from the command context.
  - Capability inventory: Signing and broadcasting transactions via the `gator` CLI across multiple EVM-compatible chains.
  - Sanitization: No explicit sanitization or validation of input data is mentioned before it is passed to the CLI for execution.
Recommendations
- AI detected serious security threats
Audit Metadata