create-bap-identity
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were identified. The skill's instructions for key generation, signing, and blockchain interaction follow standard protocols for the Bitcoin SV (BSV) ecosystem.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and process profile data and attestations from the blockchain. This is an inherent risk of the skill's primary function of resolving decentralized identities.
- Ingestion points: The
getProfile.executeandresolveBapIdfunctions retrieve untrusted data from the blockchain. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided examples.
- Capability inventory: The agent can publish transactions, update profiles, and attest to data via the
@1sat/actionslibrary. - Sanitization: Not explicitly detailed in the documentation snippets.
Audit Metadata