orbiter-sign-broadcast

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, NO_CODE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the 'orbiter' CLI tool, a resource provided by the vendor, to execute transaction signing and broadcasting functions.
  • [CREDENTIALS_UNSAFE]: The skill accepts a privateKey input or ORBITER_PRIVATE_KEY environment variable. While these are highly sensitive credentials, they are utilized locally for the skill's primary signing purpose according to the documentation.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its input parameters.
      * Ingestion points: Data enters the context via the 'template' JSON string and 'templateFile' path (SKILL.md).
      * Boundary markers: There are no explicit delimiters or instructions to the agent to ignore embedded commands within the template data.
      * Capability inventory: The skill performs transaction signing and broadcasting via the orbiter CLI (SKILL.md).
      * Sanitization: The documentation does not describe any validation or sanitization of the template content before processing.
  • [NO_CODE]: The skill does not bundle any executable scripts or binary files, relying instead on the presence of an external CLI tool.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 03:17 AM