erc-8004
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently employs
node -eto process data locally, such as encoding ABI calldata for Ethereum transactions and decoding hex responses inget-agent.sh,register-http.sh, andregister.sh. - [COMMAND_EXECUTION]: Scripts including
bridge-to-mainnet.sh,register.sh, andupdate-profile.shexecute~/thinkfleet/skills/bankr/scripts/bankr.sh. This represents a cross-skill dependency on a vendor-owned resource for managing blockchain transactions. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to well-known infrastructure providers, including Pinata for IPFS pinning, and Alchemy or LlamaRPC for Ethereum blockchain interactions.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present in
get-agent.shdue to how it handles external agent data. - Ingestion points: The script fetches agent registration JSON files from remote IPFS gateways or arbitrary HTTP URLs specified by on-chain records.
- Boundary markers: Fetched content is printed to the terminal without delimiters or instructions to the agent to ignore potentially malicious embedded text.
- Capability inventory: The skill provides capabilities for bridging funds, uploading data, and submitting on-chain transactions via the
bankrutility. - Sanitization: External content is passed through
jqfor formatting but undergoes no security sanitization or validation before being output into the agent's context.
Audit Metadata