starknet-identity

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH | PROMPT_INJECTION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection vulnerability surface.
      • Ingestion points: The skill reads untrusted data from the Starknet blockchain using functions like get_metadata, read_feedback, and get_validation_status, as well as fetching content via IPFS links.
      • Boundary markers: No delimiters or isolation mechanisms are present in the documentation to separate untrusted blockchain data from agent prompts.
      • Capability inventory: Frontmatter authorizes high-privilege tools including Bash, Write, and Task.
      • Sanitization: No logic is present to sanitize or validate strings retrieved from the decentralized registries before they are processed by the agent.
      • Risk: Attackers can inject malicious instructions into agent metadata or feedback on-chain, which could be executed by the agent's powerful system tools.
  • [COMMAND_EXECUTION] (MEDIUM): Privilege Risk. The skill requests access to Bash and Task tools, which significantly increases the potential impact of data-driven injection attacks.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): Unverifiable dependency. The skill requires the starknet npm package, which is not from a designated trusted organization in the security policy.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:17 AM