x
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill exposes a significant attack surface through the mcp__world_x_aptos__aptos_intent tool.
  - Ingestion points: Untrusted data enters the agent context when processing natural language intents in SKILL.md, which may originate from attacker-controlled external sources like web pages or emails.
  - Boundary markers: The skill lacks explicit delimiters or system-level instructions to ignore embedded commands within the natural language strings passed to the intent engine.
  - Capability inventory: The skill possesses high-impact capabilities including aptos_transfer (moving funds), aptos_swap (interacting with DEXs), and aptos_stake (validator operations), which can result in financial loss if abused.
  - Sanitization: No evidence of input sanitization, schema validation, or intent filtering is provided in the skill configuration.
Recommendations
- AI detected serious security threats
Audit Metadata