privy

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • CREDENTIALS_UNSAFE (MEDIUM): The skill requires the PRIVY_APP_SECRET environment variable for authentication. While this is fundamental to its primary function of managing wallets, the potential for total loss of funds if the secret is exposed or exfiltrated warrants a high-risk classification, adjusted to MEDIUM due to its intended use.
  • COMMAND_EXECUTION (MEDIUM): The skill instructs the agent to use curl for executing blockchain transactions and managing security policies. Shell-based execution for financial operations is a sensitive capability that could be abused if arguments are manipulated.
  • PROMPT_INJECTION (LOW): The skill includes comprehensive defensive instructions to detect injection patterns like 'Ignore previous instructions'. However, an indirect prompt injection surface exists where the agent processes transaction data. Evidence Chain: (1) Ingestion: User instructions in conversation (SKILL.md); (2) Boundary: Specific detection patterns provided in 'Prompt Injection Detection' section; (3) Capability: Subprocess curl calls to api.privy.io; (4) Sanitization: Mandatory policy enforcement and verbal confirmation for deletions.
  • EXTERNAL_DOWNLOADS (SAFE): Network interactions are correctly limited to the official api.privy.io domain necessary for the skill's operation.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 18, 2026, 05:13 AM