aibtc-bitcoin-wallet
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation recommends installation via
npx @aibtc/mcp-server@latest --install, which downloads package code from the npm registry. - [COMMAND_EXECUTION]: The skill provides instructions for executing various shell commands for installation, build processes, and wallet management, including
npx,npm install, andgit clone. - [DATA_EXFILTRATION]: The skill manages sensitive data including BIP39 mnemonics and private keys, which are stored in the
~/.aibtc/directory. It transmits cryptographic signatures to vendor-managed endpoints ataibtc.comandpillarbtc.comfor identity registration, check-ins, and transaction processing. - [PROMPT_INJECTION]: An indirect prompt injection surface is present in the "Active Check-In Loop" where the agent is instructed to fetch and respond to message content from a remote API. \n
- Ingestion points: Message content fetched from
https://aibtc.com/api/paid-attentionas described inreferences/genesis-lifecycle.md. \n - Boundary markers: No specific delimiters or "ignore previous instructions" safety markers are documented for the processing of external message content. \n
- Capability inventory: The skill allows the agent to access local sensitive files (
~/.aibtc/), perform network requests, and sign/broadcast blockchain transactions. \n - Sanitization: The documentation does not describe sanitization or validation of the message content retrieved from the external API before the agent is prompted to parse, sign, and respond to it.
Audit Metadata