ordinals-p2p
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill retrieves the user's Bitcoin private key from the internal wallet manager to perform BIP-137 message signing. While the raw private key remains local, the skill transmits generated signatures, public addresses, and trade details to the external domains ledger.drx4.xyz and ledger-test.drx4.xyz. These domains are not recognized as a trusted vendor resource for the specified author context.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted data from a public ledger.
  - Ingestion points: External data is retrieved from https://ledger.drx4.xyz/api/trades via the list-trades, get-trade, and my-trades subcommands in ordinals-p2p.ts.
  - Boundary markers: There are no boundary markers or delimiters used to separate untrusted external content from agent instructions.
  - Capability inventory: The skill has the capability to perform authenticated write operations on the ledger and communicate with external APIs.
  - Sanitization: No sanitization, escaping, or validation of user-controllable fields (such as metadata) is performed before the data is printed to the agent's context.
Audit Metadata