pasp
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- Data Exposure & Credentials (MEDIUM): The skill requires a path to an Arweave JWK wallet file (`wallet_path`) in its configuration. Accessing private keys is a high-risk operation. While necessary for the skill's primary purpose of signing blockchain transactions, users must ensure the wallet file is properly secured and contains only necessary funds.
- External Downloads & Unverifiable Dependencies (MEDIUM): The installation instructions require cloning from `github.com/lobster-skills/pasp`, which is not a trusted source according to the [TRUST-SCOPE-RULE]. The skill also depends on several external NPM packages that are installed at runtime.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from the permaweb via the `queryPosts`, `getProfile`, and `getThread` commands.
  - Ingestion points: Data is fetched from Arweave GraphQL and transaction data fields.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present when processing fetched content.
  - Capability inventory: The skill has `arweave.upload` capabilities, allowing it to write data back to the blockchain.
  - Sanitization: Uses the `marked` library to render Markdown to HTML, providing basic structural parsing but no protection against prompt injection within the text itself.
- Data Exfiltration (LOW): The skill uploads data to `arweave.net`. While this is the intended functionality of a permaweb social protocol, it involves sending data to a non-whitelisted domain. Given it also accesses a wallet file, there is a theoretical risk of key exfiltration if the code were malicious, though no such logic was detected in the provided source.
Audit Metadata