hoosat-dev
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (MEDIUM): The wallet system manages sensitive private keys and a master password with risky storage practices.
  - The SessionManager class in scripts/agent-crypto.py stores the master password in the HOOSAT_AGENT_PASSWORD environment variable, which can be accessed by other processes or leaked through system logs.
  - The references/agent-wallet-guide.md encourages users to import and export private keys directly through chat prompts, which records sensitive secrets in cleartext within the agent's conversation history.
- PROMPT_INJECTION (LOW): The 'auto-approve' functionality described in references/agent-wallet-guide.md allows the agent to execute transactions without human confirmation based on pre-set limits, creating a major surface for indirect injection attacks.
  - Ingestion points: The agent receives transaction instructions and addresses via the primary chat interface where third-party data might be processed.
  - Boundary markers: No specific boundary markers or 'ignore embedded instructions' warnings are present in the provided scripts or prompts.
  - Capability inventory: The skill has the capability to sign and submit blockchain transactions using the hoosat-sdk-web (referenced in assets/dapp-template/hooks/useHoosatWallet.ts).
  - Sanitization: Basic address validation is performed using HoosatUtils.isValidAddress, but no semantic validation or intent verification exists for the transaction payloads.
- EXTERNAL_DOWNLOADS (LOW): The references/node-operations.md guide instructs users to download and execute binaries from GitHub (hoosatnetwork/hoosat). While common for developer documentation, this involves the execution of external binaries from a source not included in the global trusted repository list.
Audit Metadata