pitch-submit
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides Node.js scripts (
verify-identity.mjs,submit-pitch.mjs,list-pitches.mjs) that must be executed to interact with the blockchain and the pitch registry. - [CREDENTIALS_UNSAFE]: The skill requires the
NET_PRIVATE_KEYenvironment variable for signing transactions. While necessary for blockchain interaction, this grants the skill access to the agent's sensitive private key. - [PROMPT_INJECTION]: The
list-pitches.mjsscript decodes and displays untrusted data (project names, descriptions) from an on-chain registry, creating a surface for indirect prompt injection. - Ingestion points:
scripts/list-pitches.mjsfetches and decodespitchDatafrom theIPitchRegistrycontract viagetPitchandgetPitchesByAgent. - Boundary markers: Absent; decoded strings from the blockchain are printed directly to the console without delimiters or instructions to ignore embedded content.
- Capability inventory: The agent can execute shell scripts, read local files (e.g.,
pitch.json), and sign blockchain transactions including USDC transfers and contract calls. - Sanitization: Absent; the skill does not perform validation, filtering, or escaping of retrieved on-chain text before processing or display.
Audit Metadata