b
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTIONNO_CODE
Full Analysis
- Indirect Prompt Injection (HIGH): The skill defines an ingestion point for natural language intent that interacts with sensitive blockchain operations. 1. Ingestion point: The tool 'mcp__world_b_aptos__aptos_intent' in SKILL.md processes untrusted natural language. 2. Boundary markers: No delimiters or isolation instructions are present to separate intent from potential malicious commands. 3. Capability inventory: High-privilege tools like 'aptos_transfer', 'aptos_swap', and 'aptos_approve' are available to the agent. 4. Sanitization: No input validation logic is described to prevent command hijacking via the intent tool.
- No Code (LOW): The skill contains only markdown documentation and tool definitions without executable scripts, which eliminates the risk of direct malware execution while leaving architectural vulnerabilities intact.
Recommendations
- AI detected serious security threats
Audit Metadata