stx
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill implements a Command Line Interface (CLI) using the commander library to handle blockchain-specific subcommands such as transfers and contract deployments. The execution is strictly limited to these predefined blockchain operations and does not facilitate arbitrary shell command execution.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the Hiro API (api.hiro.so) to broadcast transactions and query blockchain state. Hiro is a well-known and standard infrastructure provider for the Stacks ecosystem, and its use here is consistent with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill processes external data provided as CLI arguments for contract function calls and deployments. This potential injection surface is managed through structural validation and specific type mapping. 1. Ingestion points: Untrusted data enters via the --args, --post-conditions, and --code-body arguments in stx.ts. 2. Boundary markers: No explicit prompt boundary markers are defined in the skill documentation. 3. Capability inventory: The skill can perform token transfers and contract calls using the vendor's internal library functions. 4. Sanitization: Input strings are sanitized using JSON.parse followed by explicit mapping to Clarity-specific data types to ensure they conform to expected schemas.
Audit Metadata