ERC-8004 Agent Discovery

Warn

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection because it ingests and processes untrusted agent metadata from a public registry. An attacker could register a malicious agent with instructions in its name or description designed to hijack the AI agent's logic during discovery.
      1. Ingestion Point: Agentscan API (agentscan.info) via scripts/discover.py.
      2. Boundary markers: Absent in the provided skill instructions.
      3. Capability inventory: Local script execution and file writing to /tmp for monitoring.
      4. Sanitization: No sanitization of external metadata is described before processing or display.
  • [DATA_EXFILTRATION] (LOW): The skill performs network operations to agentscan.info, which is not included in the whitelisted domains. While essential for the tool's functionality, it represents an external data dependency.
  • [COMMAND_EXECUTION] (LOW): The skill requires the execution of local Python scripts (scripts/discover.py) as its primary interface. This is standard for such a skill, but it is an execution vector worth noting.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 14, 2026, 06:02 PM