sui-bcs
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill demonstrates processing of untrusted external data which is subsequently used to drive high-privilege operations, constituting a significant Indirect Prompt Injection surface.
- Ingestion points: Untrusted data enters the agent context via functions like
RegistrationRequest.parse(requestData)andTransferRequest.parse(requestBytes)inreference/workflows.md. - Boundary markers: The skill relies on structural BCS schemas for data delimitation but lacks explicit instructions or delimiters to prevent embedded natural language commands within parsed strings from influencing downstream reasoning.
- Capability inventory: The documentation examples include database write operations (
saveUserToDatabase) and the construction and execution of blockchain transactions (tx.moveCall,tx.setGasBudget) inreference/workflows.md. - Sanitization: The skill provides robust examples of sanitization including cryptographic signature verification (
validateSignature), timestamp checks to prevent replay attacks, and type-specific range validation for numeric and string types.
Recommendations
- AI detected serious security threats
Audit Metadata