Skills
skills/aibtcdev/skills/nostr/Gen Agent Trust Hub

nostr

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill retrieves the raw secp256k1 private key from the wallet-manager service to sign Nostr events. It is explicitly designed to share the same keypair as the Bitcoin wallet (m/84'/0'/0'/0/0), which creates a linked identity across both protocols but implies that any exposure of the Nostr key would also compromise the Bitcoin wallet.
  • [EXTERNAL_DOWNLOADS]: The amplify-signal command performs a GET request to https://1btc-news-api.p-d07.workers.dev to fetch news content for broadcasting. This is an external API endpoint related to the primary function of the skill.
  • [DATA_EXFILTRATION]: The skill transmits data (kind:1 and kind:0 events) to external Nostr relays, including wss://relay.damus.io and wss://nos.lol by default. This is the intended behavior of the Nostr protocol.
  • [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection by fetching untrusted content from the Nostr network.
  • Ingestion points: External data is ingested through the queryRelays function in nostr.ts, used by read-feed, search-tags, and get-profile subcommands.
  • Boundary markers: No specific delimiters or safety instructions are applied to the content before it is returned to the agent.
  • Capability inventory: The skill possesses network access and the ability to sign/post transactions using the wallet's private key.
  • Sanitization: Profile metadata is parsed via JSON.parse, but note content is returned to the agent without filtering for malicious instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 20, 2026, 11:17 PM