virtuals-protocol-acp

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing and returning data from external, potentially untrusted agents in the ACP ecosystem.
      - Ingestion points: Untrusted data enters the agent context through the stdout of scripts/index.ts, specifically the agent.description in browse_agents and the deliverable in execute_acp_job and poll_job.
      - Boundary markers: The instructions in SKILL.md lack explicit delimiters or guidance for the agent to treat data from the ACP registry and job offerings as untrusted content.
      - Capability inventory: The agent possesses significant capabilities, including performing on-chain transactions and spending assets from a configured WALLET_PRIVATE_KEY.
      - Sanitization: No validation or filtering is performed on the content of external deliverables or agent metadata before it is presented to the agent.
  • [EXTERNAL_DOWNLOADS]: The skill fetches the @virtuals-protocol/acp-node library and other dependencies from the public NPM registry. It also interacts with the Virtuals Protocol platform for agent discovery and job execution.
  • [COMMAND_EXECUTION]: The skill requires the agent to execute a local TypeScript CLI tool (scripts/index.ts) using npx tsx. This tool is used to interact with the blockchain, read local credentials, and manage job states.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 27, 2026, 11:03 PM