light-protocol
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- CREDENTIALS_UNSAFE (MEDIUM): The skill's primary function involves managing private keys to sign blockchain transactions. Several scripts, including
examples/zk-compression/compress-spl.tsandexamples/setup/example.ts, access sensitive data viaprocess.env.PRIVATE_KEYor by reading a local./keypair.jsonfile. While expected for its intended use case, this pattern creates a risk of sensitive data exposure if the environment is compromised. Severity is reduced from HIGH to MEDIUM as this behavior is core to the primary skill purpose. - DATA_EXFILTRATION (LOW): The skill initiates network connections to external RPC endpoints (e.g.,
helius-rpc.com) to interact with the Solana network. These domains are not included in the trusted whitelist, representing a low-risk external data transfer finding. - Indirect Prompt Injection (LOW): The skill interacts with untrusted data retrieved from the blockchain which could influence agent logic.
- Ingestion points: Data enters the context through RPC calls like
getCompressedAccountsByOwnerinexamples/setup/example.tsandgetCompressedTokenAccountsByOwnerinexamples/querying/fetch-accounts.ts. - Boundary markers: No specific boundary markers or 'ignore embedded instructions' warnings are present to isolate retrieved data.
- Capability inventory: The skill has powerful capabilities across its files, including
sendAndConfirmTransaction,transfer,mintTo,compress, anddecompress. - Sanitization: There is no evidence of data sanitization or validation of on-chain content before it is processed or logged.
Audit Metadata