stx
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates sensitive blockchain operations including STX token transfers, smart contract deployment, and contract function calls through the
stx/stx.tsscript. - [SAFE]: The skill utilizes the well-known Hiro API for blockchain interactions and follows standard practices for Stacks transaction building.
- [SAFE]: Write operations are protected by a requirement for an unlocked wallet session, providing a security boundary.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection. Ingestion points: Untrusted data enters via the
--args,--post-conditions, and--code-bodycommand-line arguments instx/stx.ts. Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands in the processed input. Capability inventory: The skill can perform irreversible blockchain actions liketransferStx,callContract, anddeployContract. Sanitization: The skill usesJSON.parseand specific type-conversion functions likeparseArgToClarityValueto validate input structure.
Audit Metadata