intuition
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill proactively addresses potential indirect prompt injection risks associated with the ingestion of external data from the Intuition GraphQL API. It implements a 'Trusted Intent Boundary' policy that instructs the agent to ignore any transaction parameters found in external data and instead recompute all fields (to, data, value, chainId) using its own verified internal logic and ABI fragments.
  - Ingestion points: Data retrieved via GraphQL queries in 'reference/graphql-queries.md'.
  - Boundary markers: Explicitly defined 'Read Safety Invariants' and 'Trusted Intent Boundary' sections in 'reference/autonomous-policy.md'.
  - Capability inventory: Generation of on-chain transaction parameters and execution of the cast CLI for blockchain interaction.
  - Sanitization: Instructions mandate re-verifying IDs on-chain and performing mandatory simulations before outputting any transaction object.
- [DATA_EXFILTRATION]: The skill performs network requests to official, vendor-owned domains (intuition.systems, intuition.sh) to facilitate GraphQL discovery and RPC communication. These operations are standard for the protocol's functionality and use legitimate service endpoints associated with the 0xintuition vendor.
- [COMMAND_EXECUTION]: The skill provides structured templates for using the cast CLI tool (part of the Foundry toolkit) to perform on-chain reads, ID calculations, and transaction simulations. These commands are used for protocol state discovery and verification and are not used to execute arbitrary or untrusted code.