alice
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill utilizes the
mcp__alice_aptos__aptos_intenttool to process natural language input, which could be exploited to inject malicious instructions if the agent processes untrusted data.\n - Ingestion points: Natural language input via the
aptos_intenttool and bibliography data frombib.duckdb.\n - Boundary markers: No explicit boundary markers or delimiters are defined to separate system instructions from processed data.\n
- Capability inventory: The skill has access to sensitive blockchain capabilities including
aptos_transfer,aptos_swap, andaptos_stake.\n - Sanitization: No input sanitization or filtering is documented, although the
aptos_transfertool requires a manual approval step which serves as a security control.
Audit Metadata