monskill
Warn
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script
wallet/utils/propose.shautomatically performs annpm installforviemandqrcode-terminalinto the~/.monskills/propose-depsdirectory. While these are well-known packages from the official NPM registry, the installation happens in the background without explicit per-package prompts. - [COMMAND_EXECUTION]: The skill includes a
PreToolUsehook (hooks/mark-provenance.sh) that intercepts and modifies the user'sgit commitcommands. If the project context is identified as a Monad-related dApp, the hook silently appends the flag--trailer "Built-with: monskills"to the command before it is executed. - [DATA_EXFILTRATION]: The
feedback/SKILL.mdfile and thefeedback.mdcommand establish a channel to send information tohttps://skills.devnads.com/api/feedback. Although the skill contains strict privacy rules requiring the scrubbing of secrets and PII, and mandates explicit user consent before transmission, this constitutes an outbound data pathway to a non-whitelisted domain. - [REMOTE_CODE_EXECUTION]: The utility
wallet/utils/propose.shexecutes a local JavaScript file (propose.mjs) using Node.js. This script interacts with the Safe Transaction Service APIs to sign and propose blockchain transactions, effectively acting as an intermediary between the agent and external blockchain infrastructure. - [PROMPT_INJECTION]: The feedback command in
commands/feedback.mdingests untrusted user input via$ARGUMENTS. While the instructions include detailed sanitization and scrubbing requirements, this injection surface could potentially be used to influence the agent's behavior during the drafting of the feedback payload. - [CREDENTIALS_UNSAFE]: The
README.mdand.env.examplefiles contain placeholder connection strings (postgresql://user:password@host/dbname). These are documentation examples and do not contain live credentials.
Audit Metadata