assets
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8c: Tool output poisoning). It instructs the agent to fetch and process
info.jsonmetadata from thetrustwallet/assetsGitHub repository. Since this repository accepts public contributions via Pull Requests, an attacker could potentially embed malicious instructions within token descriptions or other metadata fields that the agent might subsequently follow. - Ingestion points: Reads token metadata using
gh apifrom thetrustwallet/assetsrepository as described inSKILL.md. - Boundary markers: No delimiters or "ignore embedded instructions" warnings are specified for the fetched JSON content.
- Capability inventory: The skill references execution of local
makecommands andgh apicalls inSKILL.md. - Sanitization: No sanitization or validation of the external JSON content is mentioned before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill includes several
makecommands (e.g.,make check,make fix,make add-token) intended for local asset management and validation. While these are standard project maintenance scripts, they represent a capability to execute local commands on the host system if the repository is cloned.
Audit Metadata