across-protocol-ai-agent-skill
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection through the 'Embedded Crosschain Actions' and 'Suggested Fees' features. These allow for the execution of arbitrary contract calls or messages on destination chains based on user-supplied data.
- Ingestion points: User instructions containing transaction targets, function signatures, or cross-chain messages in
embedded-actions.mdandsuggested-fees-api.md. - Boundary markers: Absent from the skill's instructional prompt logic.
- Capability inventory: Construction of executable transaction calldata for the Across Protocol API.
- Sanitization: The
security.mdfile provides clear remediation guidance, requiring validation of alltargetaddresses and sanitization of user-controlled inputs. - [EXTERNAL_DOWNLOADS]: References official and well-known resources provided by the vendor.
- Evidence: Mentions the
@across-protocol/app-sdkNode.js package and official API domainsapp.across.toandtestnet.across.to.
Audit Metadata