wallet-security
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill fetches content from
https://raw.githubusercontent.com/gmh5225/awesome-web3-security/refs/heads/main/README.md. Since the usergmh5225is not a trusted entity, the integrity of the data depends on an external party. - [PROMPT_INJECTION] (LOW): Indirect Prompt Injection risk (Category 8).
- Ingestion points: Fetches untrusted markdown data from a remote URL.
- Boundary markers: Absent; no instructions provided to the agent to treat the fetched text as data only.
- Capability inventory: The skill itself contains no executable code or system-level capabilities.
- Sanitization: Absent; no validation logic for the external content is defined.
Audit Metadata