bitvm
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill manages sensitive configuration and cryptographic material.
  - Evidence: References `~/.bitvm-bridge/bridge.toml` for storing Bitcoin private keys (depositor, operator, verifier, withdrawer).
  - Evidence: Mentions usage of `.env` files for AWS credentials (`BRIDGE_AWS_ACCESS_KEY_ID`, `BRIDGE_AWS_SECRET_ACCESS_KEY`).
  - Evidence: CLI commands involve passing secret keys as plaintext arguments (e.g., `bridge keys -d <SECRET_KEY>`).
- [EXTERNAL_DOWNLOADS]: Fetches data from external specialized services.
  - Evidence: Downloads Bitcoin header data from `zerosync.org` using `wget`.
- [REMOTE_CODE_EXECUTION]: References external toolchain installation.
  - Evidence: Provides instructions to install the Risc0 toolchain via `https://dev.risczero.com/api/zkvm/install`.
- [COMMAND_EXECUTION]: Requires building and running local binaries.
  - Evidence: Commands for `cargo build` and execution of generated binaries like `bridge` and `prover` for cryptographic operations.
- [PROMPT_INJECTION]: The skill processes external data which could serve as a vector for indirect prompt injection.
  - Ingestion points: Bitcoin header files (`prover/data/mainnet-headers.bin`) and CLI arguments for transaction IDs and addresses.
  - Boundary markers: None identified in the provided documentation.
  - Capability inventory: Executes subprocesses (`cargo build`, local binaries), performs network operations via `wget`, and performs file system operations.
  - Sanitization: No explicit sanitization or validation of the ingested binary data or CLI inputs is described.
Recommendations
- AI detected serious security threats
Audit Metadata