nostr-social-graph
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate instructions and code patterns for implementing Nostr social graph features. No malicious code, exfiltration patterns, or obfuscation techniques were detected.
- [EXTERNAL_DOWNLOADS]: The skill references well-known Nostr relay infrastructure (such as purplepag.es, relay.nostr.band, and relay.damus.io) for relay discovery and metadata indexing. These are standard public services within the Nostr ecosystem.
- [INDIRECT_PROMPT_INJECTION]: The skill defines patterns for fetching and processing data from decentralized Nostr relays, creating an attack surface for untrusted data.
- Ingestion points: External data is ingested through relay subscription and query functions (e.g., fetchRelayLists, resolveRelayList) used to retrieve kinds 3, 10000, and 10002.
- Boundary markers: The implementation logic relies on structured JSON parsing and tag filtering (e.g., checking tag[0] === 'r') to isolate protocol metadata from other event content.
- Capability inventory: The skill includes capabilities for network operations, specifically publishing events and subscribing to relay feeds based on discovered metadata.
- Sanitization: The instructions recommend relay URL normalization and case-insensitive word matching to ensure data integrity.