trails
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill ingests untrusted data, such as recipient addresses and calldata, which can be manipulated to perform unauthorized transactions if an agent handles it without strict validation.
  - Ingestion points: API and Widget recipe files (quoteIntent, sendTransaction parameters).
  - Boundary markers: Absent.
  - Capability inventory: Execution of blockchain transactions.
  - Sanitization: Not demonstrated in documentation.
- Unverifiable Dependencies (LOW): Documentation instructs the installation of @0xtrails/trails-api and @0xtrails/trails. While these are external dependencies, they are core to the skill's purpose and provided by a recognized domain.