Hedera Plugin Creation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- Prompt Injection (HIGH): The skill guides the creation of tools that ingest untrusted user parameters and network data which are then processed by the AI agent. Ingestion points: createTokenParameters and getTokenInfoParameters defined in the examples/token-plugin/tools/ directory. Boundary markers: Absent in the example tool description prompts. Capability inventory: handleTransaction (blockchain mutations) in create-token.ts and fetch (network access) in get-token-info.ts. Sanitization: Runtime validation via Zod schemas is present for type checking, but lacks semantic filtering to prevent instruction injection within valid string fields.
- Data Exposure & Exfiltration (LOW): Example tool get-token-info.ts performs network requests to a non-whitelisted domain (mirrornode.hedera.com). Evidence: fetch call used to query the Hedera Mirror Node API. Severity: LOW as it targets a standard infrastructure domain for the skill's purpose and does not access sensitive local files.
Recommendations
- AI detected serious security threats
Audit Metadata