cardano-balances
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE CREDENTIALS_UNSAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires a `SEED_PHRASE` environment variable to be set for the `@indigoprotocol/cardano-mcp` package. This is a highly sensitive mnemonic phrase used to derive private keys and access wallet funds. While necessary for the skill's primary function of querying private wallet balances, users should handle this secret with extreme caution.
- [EXTERNAL_DOWNLOADS]: The skill installs the `@indigoprotocol/cardano-mcp` package via Node.js. This is a vendor-owned resource originating from the skill author 'IndigoProtocol' and is required to facilitate communication with the Cardano network.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via blockchain data. Asset names or metadata stored on-chain could contain malicious instructions that an agent might follow when processing wallet balances.
  - Ingestion points: Asset names and hex-encoded labels returned by the `get_balances` tool (documented in `references/mcp-tools.md`).
  - Boundary markers: None specified in the instructions for separating external blockchain data from system prompts.
  - Capability inventory: The skill is granted `Read`, `Glob`, and `Grep` capabilities (documented in `SKILL.md`), allowing the agent to read local files.
  - Sanitization: No explicit sanitization or validation of asset names is described before they are presented to the agent.
Audit Metadata