souldinals

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection vulnerability surface where untrusted data from the blockchain can influence agent behavior.
      • Ingestion points: The load-soul and display-soul subcommands in souldinals.ts fetch arbitrary text/markdown content from the Bitcoin blockchain via the Unisat API.
      • Boundary markers: Content fetched from the blockchain is displayed or parsed without the use of delimiters, headers, or explicit instructions to the agent to disregard embedded commands within that data.
      • Capability inventory: Across all scripts, the skill possesses capabilities for local file system access (node:fs), network communication (fetch), and the ability to sign and broadcast Bitcoin transactions using the user's private keys via the wallet-manager and bitcoin-builder utilities.
      • Sanitization: No validation, sanitization, or escaping is performed on the retrieved on-chain markdown content before it is processed or presented to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 20, 2026, 11:17 PM