evm-atlas
Fail
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: CRITICAL
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with several well-known blockchain and bridge APIs to retrieve chain metadata, transaction history, and bridge statuses.
- Evidence: Queries are made to official domains including
etherscan.io,blockscout.com,bungee.exchange,li.quest, andlayerzero-api.com. - Context: These services are industry-standard infrastructure providers for the EVM ecosystem.
- [COMMAND_EXECUTION]: The skill utilizes local shell scripts and CLI tools to perform plan detection and chain resolution.
- Evidence: Scripts such as
scripts/etherscan-detect-plan.sh,scripts/blockscout-detect-plan.sh, andscripts/resolve-chain.shusecurlto probe API limits and metadata. - Context: These are utility scripts designed to optimize API usage and ensure correct chain mapping, representing standard integration practices.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing external data from blockchain explorers and bridge APIs.
- Ingestion points: JSON responses from external APIs (e.g., Etherscan, Blockscout) are parsed into the agent's context.
- Boundary markers: The instructions explicitly command the agent to treat these sources as read-only enrichment and strictly forbid signing messages or broadcasting transactions based on the retrieved data.
- Capability inventory: Capabilities include shell execution via
curlandcast, and reading local reference files. - Sanitization: The skill includes logic for unit conversion (wei to human-readable) and strict chain-id validation against an authoritative local list.
Recommendations
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata