check-bitcoin
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHDATA_EXFILTRATIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill extracts highly sensitive financial data including wallet descriptors via 'bitcoin-cli listdescriptors', balance information via 'getwalletinfo', and transaction history via 'listunspent'. This represents a total exposure of the wallet's privacy and security configuration to the AI agent context.
- [CREDENTIALS_UNSAFE] (HIGH): The skill performs 'ls -1 ~/.bitcoin' to identify 'bitcoin.conf'. This configuration file is the standard location for plaintext RPC credentials (rpcuser/rpcpassword), which would grant an attacker full control over the Bitcoin node if the credentials are leaked.
- [COMMAND_EXECUTION] (HIGH): The command 'bitcoin-cli getaddressinfo "<btc_address>"' in SKILL.md interpolates a variable into a shell string. This is a primary vector for command injection if the address is sourced from untrusted input and not strictly validated before execution.
- [PROMPT_INJECTION] (MEDIUM): Category 8: Indirect Prompt Injection Risk. 1. Ingestion points: User-supplied Bitcoin addresses and raw stdout from 'bitcoin-cli' commands. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess execution of 'bitcoin-cli' and filesystem listing via 'ls'. 4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata