aave-v3-plugin

Pass

Audited by Gen Agent Trust Hub on May 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the onchainos CLI and the aave-v3-plugin binary from official GitHub repositories associated with the vendor. These downloads are performed using secure HTTPS connections and include SHA256 integrity verification.
  • [REMOTE_CODE_EXECUTION]: The installation process executes a shell script from a trusted repository. The script is verified against a checksum file before execution to ensure authenticity.
  • [COMMAND_EXECUTION]: The plugin invokes the onchainos CLI tool through system command execution to manage wallet interactions and blockchain transactions. It explicitly manages the environment PATH to ensure the correct binaries are used.
  • [PROMPT_INJECTION]: The skill processes external data from blockchain RPC nodes and CLI outputs. It provides specific instructions to the agent to treat this data as untrusted and to perform field filtering before including data in the conversation context, mitigating indirect prompt injection risks.
Audit Metadata
Risk Level
SAFE
Analyzed
May 29, 2026, 03:05 AM
Security Audit — agent-trust-hub — aave-v3-plugin