skills/aibtcdev/skills/ordinals/Gen Agent Trust Hub

ordinals

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
  • Ingestion points: The get-inscription command in ordinals.ts retrieves content and metadata from the Bitcoin blockchain via the mempool.space API. This content is controlled by external, untrusted parties.
  • Boundary markers: The retrieved blockchain data is presented to the agent in a structured JSON format, but lacks explicit instructions or delimiters to treat the content as data only and ignore any embedded instructions.
  • Capability inventory: The skill includes high-privilege capabilities such as building, signing, and broadcasting Bitcoin transactions (inscribe, inscribe-reveal, and transfer-inscription). If an agent is manipulated by malicious content found in an inscription, it could be tricked into performing unauthorized transfers.
  • Sanitization: While the bodyText of the inscription is truncated to 1000 characters, no sanitization, filtering, or instruction-detection is performed on the retrieved text content.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 06:23 PM
Security Audit — agent-trust-hub — ordinals