8004-skill
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS | DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through search results retrieved from the agent registry.
  - Ingestion points: The `scripts/search.js` script fetches agent metadata (names, descriptions, tags) from an external search service.
  - Boundary markers: No explicit delimiters or guardrails are implemented to isolate the fetched data from the agent's logic.
  - Capability inventory: The skill has the capability to execute blockchain transactions via `register.js`, `feedback.js`, and `set-uri.js` using the user's private key.
  - Sanitization: Metadata is processed for display without semantic sanitization, potentially allowing malicious content in agent descriptions to influence the agent's behavior.
- [EXTERNAL_DOWNLOADS]: The `scripts/search.js` script makes network calls to the vendor's search API at `https://tn-search-service.bankofai.io/api/v1/search` to retrieve agent registry information.
- [DATA_EXFILTRATION]: The skill's utility module `scripts/utils.js` is designed to read sensitive blockchain private keys from the local file system path `~/.clawdbot/wallets/.deployer_pk`. While this is a documented mechanism for signing on-chain transactions, it involves reading sensitive credentials that must be managed with care.
Audit Metadata