tokens
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface via untrusted blockchain data.
  * Ingestion points: tokens/tokens.ts fetches token names, symbols, and URIs from the Hiro API.
  * Boundary markers: The CLI output is structured JSON but lacks explicit delimiters to isolate external string content.
  * Capability inventory: The skill has network access and can perform token transfers.
  * Sanitization: String metadata fields are not sanitized for potential instructions.
Audit Metadata