signing
Fail
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The
stacks-signandbtc-signcommands insigning.tsinclude a--wallet-passwordoption. Passing sensitive credentials as command-line arguments is inherently insecure because they remain visible in plain text to all users and monitoring processes on the system (e.g., viaps aux). While the documentation correctly warns against this and suggests an environment variable alternative (--wallet-password-env), the presence of the flag itself creates a high risk of credential exposure. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted text data via the
--messageand--digestflags and uses it as the payload for cryptographic signing using private keys. An attacker could potentially trick an agent or user into signing a malicious message or a transaction-related digest. - Ingestion points: User-provided inputs via
--messageinstacks-sign,btc-sign, andsip018-sign, as well as--digestinschnorr-sign-digest. - Boundary markers: Absent. Arguments are processed directly from the CLI input into the signing functions.
- Capability inventory: Powerful cryptographic functions (
signStructuredData,signMessageHashRsv,bip322Sign,schnorr.sign) that authorize identity or value transfers. - Sanitization: No validation or content-filtering is performed on the data before signing.
- [EXTERNAL_DOWNLOADS]: The skill relies on external node packages for core logic, including
@stacks/transactions,@stacks/encryption,@noble/curves, and@scure/btc-signer. These are established ecosystem libraries, but they constitute third-party dependencies that must be managed and verified. - [SAFE]: The implementation of the
schnorr-sign-digestcommand includes a robust safety feature requiring the--confirm-blind-signflag. This prevents the automated signing of opaque 32-byte digests without explicit confirmation of the risk.
Recommendations
- AI detected serious security threats
Audit Metadata