bounty-scanner
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits the agent's STX address and claim-related messages to the external domain bounty.drx4.xyz. While necessary for functionality, this involves sharing identifiable account information with a third-party service.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It fetches bounty data from a remote API and uses this information to suggest or automatically claim tasks. An attacker could craft a malicious bounty that tricks the agent into an unintended claim or manipulates the agent's decision logic.
- [PROMPT_INJECTION]: The claim command retrieves a signing_format directly from the external API's response. The AGENT.md instructions guide the agent to use this format with the signing skill, creating a risk where a compromised or malicious API could provide a fraudulent signing format to trick the agent into signing unauthorized messages.
- Ingestion points: fetchBounties and fetchBountyDetail in bounty-scanner/bounty-scanner.ts.
- Boundary markers: None identified in the prompt interpolation logic.
- Capability inventory: Uses the signing skill based on API-provided formats and performs POST requests to API-provided endpoints.
- Sanitization: No validation or sanitization of externally sourced bounty descriptions or signing formats.
Audit Metadata