monskill

Warn

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script wallet/utils/propose.sh automatically performs an npm install for viem and qrcode-terminal into the ~/.monskills/propose-deps directory. While these are well-known packages from the official NPM registry, the installation happens in the background without explicit per-package prompts.
  • [COMMAND_EXECUTION]: The skill includes a PreToolUse hook (hooks/mark-provenance.sh) that intercepts and modifies the user's git commit commands. If the project context is identified as a Monad-related dApp, the hook silently appends the flag --trailer "Built-with: monskills" to the command before it is executed.
  • [DATA_EXFILTRATION]: The feedback/SKILL.md file and the feedback.md command establish a channel to send information to https://skills.devnads.com/api/feedback. Although the skill contains strict privacy rules requiring the scrubbing of secrets and PII, and mandates explicit user consent before transmission, this constitutes an outbound data pathway to a non-whitelisted domain.
  • [REMOTE_CODE_EXECUTION]: The utility wallet/utils/propose.sh executes a local JavaScript file (propose.mjs) using Node.js. This script interacts with the Safe Transaction Service APIs to sign and propose blockchain transactions, effectively acting as an intermediary between the agent and external blockchain infrastructure.
  • [PROMPT_INJECTION]: The feedback command in commands/feedback.md ingests untrusted user input via $ARGUMENTS. While the instructions include detailed sanitization and scrubbing requirements, this injection surface could potentially be used to influence the agent's behavior during the drafting of the feedback payload.
  • [CREDENTIALS_UNSAFE]: The README.md and .env.example files contain placeholder connection strings (postgresql://user:password@host/dbname). These are documentation examples and do not contain live credentials.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 30, 2026, 10:02 PM
Security Audit — agent-trust-hub — monskill