nostr-social-graph
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to its handling of untrusted external data from the Nostr network.
- Ingestion points: Untrusted data enters the agent context through event fetching operations such as fetchKind3 and fetchRelayLists, described in SKILL.md and references/outbox-model.md.
- Boundary markers: There are no instructions or delimiters provided to prevent the agent from interpreting embedded commands within fetched strings (e.g., petnames, mute words, or list content).
- Capability inventory: The skill enables the agent to discover relays and build complex social graphs, which could be manipulated by malicious event content.
- Sanitization: The implementation patterns do not include sanitization or validation of strings retrieved from the Nostr network before they are processed by the agent.
Audit Metadata