swig-smart-wallet

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE

CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to collect Swig Paymaster API keys from the user and generate Solana private keys, which are stored in a local file named 'agent-keypair.json'.
  • [EXTERNAL_DOWNLOADS]: Installs official SDK packages from the vendor's repository and NPM registry, including '@swig-wallet/classic', '@swig-wallet/kit', and associated paymaster libraries.
  • [COMMAND_EXECUTION]: Requires the agent to execute 'npm install' for dependency management and utilize file system operations to read and write agent identity keypairs.
  • [PROMPT_INJECTION]: Contains an indirect prompt injection surface by ingesting untrusted user data (Solana RPC URLs, API keys, and custom sponsorship endpoints) and interpolating it into executable TypeScript scripts without explicit sanitization.
      • Ingestion points: User-provided 'SOLANA_RPC_URL', 'SWIG_PAYMASTER_API_KEY', and 'GAS_SPONSOR_URL'.
      • Boundary markers: Absent.
      • Capability inventory: Network requests via 'fetch', file system writes for key storage, and package installation via 'npm'.
      • Sanitization: No explicit validation or escaping logic is provided for user-supplied configuration values.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 26, 2026, 04:30 AM