erc-8004
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches metadata from external sources to support agent profile management. It retrieves data from IPFS gateways such as gateway.pinata.cloud and ipfs.io, as well as arbitrary HTTPS URLs provided in on-chain records. It also connects to established Ethereum RPC endpoints.
- [COMMAND_EXECUTION]: Shell scripts execute local processes to perform blockchain operations. The bankr CLI is used for cross-chain bridging and transaction management. Node.js is used for calldata assembly; although it involves dynamic script generation via node -e, the inputs are derived from trusted local context and well-known service responses.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface.
  - Ingestion points: scripts/get-agent.sh fetches untrusted metadata from IPFS or remote URLs.
  - Boundary markers: Fetched content is output directly without delimiters or instructional constraints.
  - Capability inventory: The skill can execute transactions and modify identity profiles via the bankr tool.
  - Sanitization: No sanitization is performed on external metadata before it is presented to the agent.