near-api-js
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION, NO_CODE
Full Analysis
- [Indirect Prompt Injection] (HIGH): The documentation enables high-privilege blockchain actions. An agent using these as templates for processing untrusted data is at high risk.
  1. Ingestion points: key_management.md, tokens_guide.md, and meta_transactions.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Private key signing, access key rotation, and NEAR/FT transfers.
  4. Sanitization: Absent.
- [Credentials Unsafe] (LOW): Truncated example keys and signatures are found in key_management.md and nep413.md but are clearly for educational use.
- [No Code] (INFO): The skill contains only Markdown documentation and no executable scripts.
Recommendations
- AI detected serious security threats
Audit Metadata