sati-sdk
Fail
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: A hardcoded Base58-encoded private key was detected in the file
packages/sdk/scripts/register-echo-agent.ts. While the script appears to be a developer utility for a demo agent, hardcoding sensitive credentials poses a significant risk if the script is used in a production context or if the key is not strictly limited to a test environment. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through the ingestion of untrusted agent metadata.
- Ingestion points: The function
fetchRegistrationFileinpackages/sdk/src/registration.tsfetches JSON metadata from external URIs (IPFS, Arweave, or HTTP). - Boundary markers: The skill uses a Zod schema (
RegistrationFileSchema) to validate the structure of the fetched data. - Capability inventory: The skill can perform file system operations (via scripts), upload to IPFS, and sign Solana transactions for agent registration and feedback.
- Sanitization: The metadata is sanitized using
safeParsethrough the Zod schema before being processed. - [EXTERNAL_DOWNLOADS]: The skill performs network operations to several well-known and vendor-specific services:
- Fetches market data from
api.elections.kalshi.comfor AI predictions. - Downloads agent metadata from IPFS (
ipfs.io) and Arweave (arweave.net). - Connects to Solana RPC nodes via Helius (
helius-rpc.com) and vendor proxies (sati.cascade.fyi).
Recommendations
- AI detected serious security threats
Audit Metadata