bounty-scanner
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data (bounty titles, descriptions, and tags) from a remote API and displaying it directly to the agent.
  - Ingestion points: Data enters the agent's context via the `scan`, `match`, and `detail` commands in `bounty-scanner.ts`, which fetch data from https://bounty.drx4.xyz/api.
  - Boundary markers: None. The external data is interpolated into JSON output without delimiters or warnings to ignore embedded instructions.
  - Capability inventory: The agent is empowered to perform automated claims and generate cryptographic signatures using the `signing` skill.
  - Sanitization: No sanitization or safety filtering is performed on the bounty content before it is processed by the matching logic or presented to the agent.
- [EXTERNAL_DOWNLOADS]: The skill makes frequent network requests to https://bounty.drx4.xyz/api to sync bounty data and statistics. This domain is the primary data source for the skill's functionality.
- [DATA_EXFILTRATION]: The `claim` flow instructs the agent to send sensitive information, including a BTC address and a cryptographic signature, to a dynamic endpoint provided by the API. While essential for the skill's purpose, this pattern poses a risk if the API returns a malicious or third-party endpoint to harvest signatures.
Audit Metadata