sui-client
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill relies on the @mysten/sui SDK. This is the official and well-known library for Sui blockchain development, and its download from the npm registry is considered safe functionality.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its capability to perform blockchain transactions.
  1. Ingestion points: The skill reads external, untrusted data from the Sui blockchain using functions like getObject, getCoins, and queryEvents in src/index.ts.
  2. Boundary markers: No delimiters or instructions are used to prevent the agent from interpreting instructions that might be embedded in blockchain object data or metadata.
  3. Capability inventory: Through the executeTransaction function, the agent has the power to sign and execute blockchain transactions, which could be exploited to perform unauthorized asset transfers if the agent follows instructions found in processed data.
  4. Sanitization: The skill does not perform validation or sanitization of the data retrieved from the network before it is processed by the agent.
Audit Metadata