nostr-dvms
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
- Ingestion points: SKILL.md (lines 78-85) and references/dvm-kinds.md (lines 62-67) describe processing input from `url`, `event`, and `job` types.
- Boundary markers: The code examples for service providers in SKILL.md do not include delimiters or specific instructions to the processing LLM to ignore embedded commands within the fetched data.
- Capability inventory: The skill demonstrates network read capabilities (fetch) and network write capabilities (publishing Nostr events) following the processing of untrusted content.
- Sanitization: No input validation or content filtering is shown in the processing workflow.
- [DATA_EXFILTRATION]: Unvalidated Network Requests.
- The skill instructs developers to use `fetch()` on URLs provided in the Nostr `i` tags. This pattern enables server-side request forgery (SSRF), where an attacker could provide a URL that forces the agent to probe internal network services or access sensitive cloud metadata endpoints.