erc8004
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE] (SAFE): The skill requires a
PRIVATE_KEYfor transaction signing, which is properly handled via environment variables as declared in the YAML frontmatter. It does not hardcode credentials or expose them in logs. - [DATA_EXFILTRATION] (SAFE): Network communication is limited to standard Ethereum RPC providers (LlamaRPC and Sepholia RPC) for on-chain data retrieval and transaction submission. No unauthorized data exfiltration patterns were identified.
- [COMMAND_EXECUTION] (SAFE): The skill performs blockchain transactions (contract writes), which is its intended purpose. These actions are triggered through explicit tool calls or user commands.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes user-supplied metadata (name, description) for registration. While this data is stored on-chain, it is treated as passive metadata and is not executed or interpreted as instructions that could influence the agent's logic.
Audit Metadata