erc-8004
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides an indirect prompt injection vulnerability surface by fetching data from untrusted external sources.
- Ingestion points: The skill utilizes
sdk.loadAgent()andsdk.searchAgents()(detailed inreferences/sdk-typescript.mdandreferences/search-discovery.md) to ingest agent metadata, such as names and descriptions, from remoteagentURIsources (IPFS/HTTPS). - Boundary markers: There are no specified delimiters or instructions to ignore embedded content within the documentation for handling these external strings.
- Capability inventory: The skill enables blockchain interactions for registration and reputation management, as well as IPFS and subgraph queries.
- Sanitization: No sanitization or escaping mechanisms are described for processing external metadata before it is presented to the agent.
- [COMMAND_EXECUTION]: The
package.jsonfile contains avalidatescript that executes a local Python script (python3 ../.claude/skills/skill-creator/scripts/quick_validate.py .). This is an internal utility for skill validation and does not represent remote code execution.
Audit Metadata