bsocial
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE (findings: PROMPT_INJECTION, CREDENTIALS_UNSAFE)
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and displaying unsanitized content from the BSV blockchain.
  - Ingestion points: Data is fetched from the BMAP API in lib/bmap-client.ts and displayed via scripts/read-posts.ts, scripts/read-messages.ts, and other read scripts.
  - Boundary markers: Absent. Content is printed directly to the console, allowing external blockchain data to enter the agent's context without delimiters.
  - Capability inventory: The skill has the ability to sign transactions and broadcast them to the network via lib/broadcast.ts and the various scripts/create-*.ts files.
  - Sanitization: Absent. No sanitization or filtering of blockchain content is performed before display.
- [CREDENTIALS_UNSAFE]: Multiple scripts in the skill require a Wallet Import Format (WIF) private key to be passed as a command-line argument for transaction signing. While the key is used for local signing and not exfiltrated, this pattern is less secure than using environment variables, as it may expose the key in process logs or command history.
Audit Metadata