u
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Prompt Injection (HIGH): The tool `aptos_intent` accepts natural language input to perform blockchain actions. This is a high-risk surface for indirect prompt injection where malicious instructions embedded in processed data could lead to unauthorized asset transfers or swaps.
  * Ingestion points: Input to `mcp__world_u_aptos__aptos_intent` tool.
  * Boundary markers: None specified.
  * Capability inventory: `aptos_transfer`, `aptos_swap`, `aptos_stake` (high-privilege financial operations).
  * Sanitization: No sanitization mechanisms are described for natural language processing.
- Command Execution (MEDIUM): The skill grants access to tools that modify blockchain state and manage assets. While intended, these are high-privilege capabilities that require strict oversight.
- Metadata Poisoning (LOW): The description 'Unicode/typesetting tools' contradicts the actual blockchain-focused toolset, indicating misleading or incorrect metadata.
Recommendations
- AI detected serious security threats
Audit Metadata