add-curator

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run shell commands using placeholders for user-supplied data, such as {curator name}, {curator slug}, and {test file or test name}. For example, rg -n "{curator name}|{curator slug}" and poetry run pytest {test file or test name} -v. If an attacker provides a curator name or test name containing shell metacharacters (e.g., ;, |, `), it could lead to arbitrary command execution in the user's environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted metadata (Curator name, website, social links) and incorporates it into the agent's logic, including code generation for eth_defi/vault/curator.py and YAML configuration files.
  • Ingestion points: User-provided inputs for curator metadata (Steps 1-3).
  • Boundary markers: None present; user input is directly interpolated into instructions and shell commands.
  • Capability inventory: Subprocess execution via poetry, rg, and pytest; file writing/editing capability for project source code and configuration files.
  • Sanitization: No validation or escaping of the user-provided inputs is specified before they are used in shell commands or code edits.
Audit Metadata
Risk Level
SAFE
Analyzed
May 13, 2026, 02:44 AM