HTS System Contract Skill
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill instructs the agent to generate Solidity and TypeScript code for token operations based on user input.
  - Ingestion points: User-provided token names, symbols, and NFT metadata are used to populate contract structures in SKILL.md and references/structs.md.
  - Capability inventory: The generated code can create tokens, transfer assets, and spend HBAR (via the 'value' field in createFungibleToken calls).
  - Boundary markers: No explicit delimiters or warnings are provided to separate user-provided data from code templates.
  - Sanitization: There is no instruction to sanitize or validate metadata before interpolation into executable code.
- [External Downloads] (MEDIUM): The skill relies on external libraries including @hashgraph/smart-contracts and ethers.js. While standard for the ecosystem, these are unverifiable dependencies from a security perspective, as they are not within the explicitly defined trusted source list.
Recommendations
- AI detected serious security threats
Audit Metadata