arweave
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill documents interfaces for retrieving arbitrary, user-generated content from the Arweave decentralized network, which introduces a surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context through transaction data fields and the
/tx/{id}/data.htmlendpoint as described inreferences/core-transactions.mdandreferences/features-http-api.md. - Boundary markers: Absent; the documentation does not suggest using delimiters or specific instructions to isolate retrieved network data from the agent's internal logic.
- Capability inventory: The skill enables the agent to construct and broadcast financial transactions (
quantity,target) and interact with internal node APIs for signing as documented inreferences/features-internal-api.md. - Sanitization: Absent; there are no instructions provided for validating, filtering, or escaping content fetched from the network before it is processed by the agent.
- [EXTERNAL_DOWNLOADS]: The documentation in
references/features-ipfs-pinning.mdreferences downloading the IPFS daemon from its official distribution service atdist.ipfs.io.
Audit Metadata