identity
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFE
Full Analysis
- Data Exposure & Exfiltration (MEDIUM): The skill utilizes the
ERC8004_PRIVATE_KEYenvironment variable to sign blockchain transactions during registration. While the key is not hardcoded, handling raw private keys for cryptographic signing is a high-risk operation that requires strict environment security to prevent credential theft. - Dynamic Execution (MEDIUM): The implementation uses a dynamic
import()call to load a module from a relative path (../../../identity/index). This pattern creates a dependency on the host environment's specific file structure and could be used as a vector for loading unauthorized or malicious code if the local file system is manipulated. - Indirect Prompt Injection (LOW): \n
- Ingestion points: Agent card metadata (name, description, endpoints) is retrieved from external blockchain sources via
tokenURIin the/identity lookupand/identity verifycommands. \n - Boundary markers: Absent; the skill directly interpolates external strings into the output response without delimiters or warnings. \n
- Capability inventory: Registration of identities (blockchain write) and identity verification (state lookup). \n
- Sanitization: No sanitization or escaping is performed on the externally sourced metadata strings before they are displayed.
Audit Metadata