phantom-wallet-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads the `@phantom/mcp-server` package from the official npm registry using the `npx` command.
- [COMMAND_EXECUTION]: The skill executes the `@phantom/mcp-server` as a subprocess to provide wallet functionality to the agent via stdio transport.
- [PROMPT_INJECTION]: The skill provides high-privilege tools (e.g., `transfer_tokens`, `sign_transaction`) that introduce a vulnerability surface for indirect prompt injection.
  - Ingestion points: The skill processes instructions that may be derived from external, untrusted sources handled by the agent.
  - Boundary markers: There are no explicit instructions or delimiters in the skill definition to prevent the agent from executing commands embedded within data.
  - Capability inventory: Tools are provided for token transfers, transaction signing, and message signing across multiple blockchains (SKILL.md).
  - Sanitization: The skill relies on external OAuth flows and the user's manual approval within the Phantom wallet interface, but lacks internal validation of the agent's intent.
Audit Metadata