bob
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection Surface.
  - Ingestion points: The aptos_intent tool in SKILL.md is designed to interpret natural language instructions, which may include malicious directives from untrusted data sources.
  - Boundary markers: None defined to isolate the natural language intent from the agent's system instructions.
  - Capability inventory: High-impact operations including aptos_transfer, aptos_swap, and aptos_stake that modify blockchain state and financial assets.
  - Sanitization: No evidence of input validation or verification for natural language intents.
- [COMMAND_EXECUTION] (HIGH): The skill provides tools for executing state-changing blockchain commands. If an attacker successfully exploits the aptos_intent tool via indirect injection, they could execute unauthorized financial transactions such as transferring APT tokens to an attacker-controlled address.
Recommendations
- AI detected serious security threats
Audit Metadata