thespawn
Fail
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: CRITICALCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a TypeScript script (
mint.ts) that performs on-chain transactions and utilizes a CLI tool (spawnr) to modify local coding tool configurations (e.g., Claude Code, Cursor). These actions involve direct interaction with the blockchain and the local filesystem. - [EXTERNAL_DOWNLOADS]: The skill uses several Node.js packages including
viem,dotenv, andagent0-sdk. It also relies on thespawnrCLI tool. All identified external resources and documentation mirrors are hosted on the author's official domain (thespawn.io) or established package registries. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface (Category 8) because it retrieves and processes data from a public registry that could be controlled by third parties.
- Ingestion points: Data enters the agent's context through
spawnr searchresults and agent metadata retrieved viaspawnr show. - Boundary markers: The instructions explicitly tell the agent to review descriptions and tool lists before hiring, and recommend using the
--dry-runflag to preview changes. - Capability inventory: The skill can write to configuration files via
spawnr hireand interact with blockchain contracts via themint.tsscript. - Sanitization: There is no automated sanitization of the registry data; mitigation relies on the agent's reasoning and the user's manual review of the dry-run output.
- [CREDENTIALS_UNSAFE]: The registration guide instructs users to store their private keys in a
.envfile. This is a standard and recommended practice for local development and does not constitute a credential leak, as the keys are not exfiltrated.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata