yield-agentkit-privy
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust security layer by providing the agent with specific denylists and behavioral rules to detect and halt prompt injection attempts from external sources.
- [SAFE]: Transaction execution is guarded by Privy's infrastructure, which enforces spending limits and allowlists within a Trusted Execution Environment (TEE), so that keys are accessed only if policies are met.
- [SAFE]: The skill includes a Semi-Autonomous workflow designed for high-security environments, which requires manual user approval on a dashboard for every transaction.
- [SAFE]: Static analysis alerts regarding 'Ignore previous instructions' and 'unrestricted mode' are confirmed false positives; these strings are part of the skill's internal security checklist for the agent to watch for in user data.
- [SAFE]: Network operations are restricted to well-known technology providers (Privy) and the vendor's own verified infrastructure (Yield.xyz).
- [SAFE]: The skill follows security best practices by validating the presence of required environment variables without attempting to collect or exfiltrate the secrets themselves.
Audit Metadata