aave-v3-plugin
Pass
Audited by Gen Agent Trust Hub on May 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the
onchainosCLI and theaave-v3-pluginbinary from official GitHub repositories associated with the vendor. These downloads are performed using secure HTTPS connections and include SHA256 integrity verification. - [REMOTE_CODE_EXECUTION]: The installation process executes a shell script from a trusted repository. The script is verified against a checksum file before execution to ensure authenticity.
- [COMMAND_EXECUTION]: The plugin invokes the
onchainosCLI tool through system command execution to manage wallet interactions and blockchain transactions. It explicitly manages the environment PATH to ensure the correct binaries are used. - [PROMPT_INJECTION]: The skill processes external data from blockchain RPC nodes and CLI outputs. It provides specific instructions to the agent to treat this data as untrusted and to perform field filtering before including data in the conversation context, mitigating indirect prompt injection risks.
Audit Metadata