ton-nfts
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the retrieval and display of NFT metadata, which constitutes an indirect prompt injection surface.
  - Ingestion points: Untrusted external data enters the agent context via the output of the `get_nfts`, `get_nfts_by_address`, and `get_nft` tools as defined in `SKILL.md`.
  - Boundary markers: The skill lacks explicit boundary markers or instructions to the model to ignore potential commands embedded in the retrieved metadata.
  - Capability inventory: The skill has access to the `send_nft` tool, allowing it to perform asset transfers based on model decisions.
  - Sanitization: No sanitization, validation, or filtering of the NFT metadata is mentioned or implemented before the data is presented to the language model.
Audit Metadata