AGENT LAB: SKILLS

openserv-client

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • CREDENTIALS_UNSAFE (MEDIUM): The skill handles WALLET_PRIVATE_KEY by loading it from and potentially writing it to the local .env file via the provision() function as noted in troubleshooting.md. Plaintext storage of private keys in local files poses a risk of credential exposure.
  • PROMPT_INJECTION (LOW): The skill contains an attack surface for Indirect Prompt Injection (Category 8):
      ◦ Ingestion points: Webhook input fields defined in examples/agent.ts and examples/create-agent.ts.
      ◦ Boundary markers: Absent. The agent uses a generic system prompt ('You are a helpful assistant') without structural delimiters to separate untrusted data from instructions.
      ◦ Capability inventory: The processRequest capability and task descriptions allow the AI to act on incoming webhook data.
      ◦ Sanitization: No input validation or sanitization is performed on the data received from external webhooks.
  • EXTERNAL_DOWNLOADS (LOW): The skill installs @openserv-labs/sdk and @openserv-labs/client. These packages are from a non-standard organization and should be verified for safety before installation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:15 PM