erc-8004

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the bankr CLI to orchestrate blockchain transactions, including bridging funds and registering agent identities. Evidence: Found in scripts/bridge-to-mainnet.sh and scripts/register.sh.
  • [COMMAND_EXECUTION]: Utilizes node -e for local execution of JavaScript logic to perform ABI encoding for smart contract calls and to decode hex-encoded strings from RPC responses. Evidence: Found in scripts/get-agent.sh, scripts/register-http.sh, and scripts/update-profile.sh.
  • [EXTERNAL_DOWNLOADS]: Fetches data from Ethereum RPC providers and IPFS gateways to retrieve agent profile information. Evidence: scripts/get-agent.sh interacts with eth.llamarpc.com and gateway.pinata.cloud.
  • [PROMPT_INJECTION]: The skill fetches and displays agent metadata from external, untrusted sources, creating an indirect prompt injection surface.
      • Ingestion points: scripts/get-agent.sh fetches profile JSON from IPFS or HTTP URLs.
      • Boundary markers: Absent; fetched content is displayed directly without delimiters.
      • Capability inventory: Capabilities include transaction submission via bankr and local data processing via node.
      • Sanitization: None; fetched metadata is displayed as-is without filtering for instruction-like patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 11:46 PM