nfd
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill possesses a high-risk surface for Indirect Prompt Injection (Category 8) due to the combination of processing untrusted blockchain metadata and holding privileged transaction capabilities.
- Ingestion points: External data enters the agent context through NFD names, user-defined metadata (bios, websites, etc.), and verified properties via
nfd.resolveandnfd.api.search(references/resolve.md,references/search.md). - Boundary markers: No instructions or delimiters are provided to the agent to differentiate between system instructions and untrusted metadata values.
- Capability inventory: The skill allows the agent to execute on-chain 'write' operations, including address linking (
manage().linkAddress()), minting new NFDs, and purchasing names from the marketplace (references/managing.md,references/minting.md). - Sanitization: There is no evidence of sanitization, validation, or escaping of fetched on-chain content before it is processed by the agent.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the installation of
@txnlab/nfd-sdkandalgosdk(references/getting-started.md). Because@txnlabis not an organization within the predefined [TRUST-SCOPE-RULE] list, these dependencies must be manually audited for safety and version pinned to prevent supply chain attacks. - DATA_EXFILTRATION (LOW): The skill performs network operations to
api.nf.domainsandapi.testnet.nf.domains, which are not on the whitelisted domains for data exfiltration analysis. While expected for this service, it constitutes an external data flow.
Recommendations
- AI detected serious security threats
Audit Metadata