universal-signer
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- External Downloads (MEDIUM): The skill recommends installing several NPM packages such as @universal-signer/core and viem. These packages are not from the designated trusted sources and present a supply chain risk.
- Prompt Injection (HIGH): This skill defines a significant Indirect Prompt Injection surface (Category 8) by teaching the agent to perform high-privilege signing actions. Ingestion points: Transaction parameters such as recipient address, value, and calldata are typically derived from untrusted external or user input. Boundary markers: No delimiters or instructions are provided in the skill to isolate untrusted data or prevent the agent from obeying instructions embedded in the transaction data. Capability inventory: Includes high-impact capabilities like sendTransaction, signMessage, and signTypedData. Sanitization: There is no evidence of sanitization or validation logic to ensure transaction integrity before signing.
Recommendations
- AI detected serious security threats
Audit Metadata