w
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Prompt Injection (HIGH): The skill exposes a high-risk surface for Indirect Prompt Injection via the aptos_intent tool.
  - Ingestion points: Untrusted natural language data enters the agent context through the mcp__world_w_aptos__aptos_intent tool (SKILL.md).
  - Boundary markers: The documentation provides no evidence of delimiters or instructions to ignore embedded commands within the intent processing.
  - Capability inventory: The skill possesses high-impact 'write' capabilities, including aptos_transfer (asset transfer), aptos_swap (DEX operations), and aptos_approve (transaction authorization).
  - Sanitization: There is no evidence of input validation or sanitization for the natural language processing component.
- Command Execution (MEDIUM): The skill enables the execution of blockchain transactions. While the documentation notes that transfers 'require approval', the logic for generating these transaction requests is driven by the agent's interpretation of input, which can be manipulated to trigger unauthorized financial actions.
Recommendations
- AI detected serious security threats
Audit Metadata