Skills
skills/b-open-io/1sat-sdk/wallet-create-ordinals/Gen Agent Trust Hub

wallet-create-ordinals

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/mint.ts accepts a Wallet Import Format (WIF) private key as a positional command-line argument. This is an insecure practice because the key remains visible in the system's process table (e.g., via ps or top commands) and may be recorded in the shell's command history.
  • [DATA_EXFILTRATION]: The createRemoteWallet function in scripts/mint.ts transmits the user's private key to an external endpoint (https://api.1sat.app/1sat/wallet). While this is the intended design for the 1sat remote wallet service, transmitting unencrypted private keys to a third-party server represents a significant security risk for the user's assets.
  • [COMMAND_EXECUTION]: The skill uses the Bash(bun:*) tool to execute a TypeScript-based minting script that performs blockchain operations and handles local file system access.
  • [PROMPT_INJECTION]: The skill processes untrusted metadata strings and file contents for blockchain inscription, creating a surface for indirect injection.
  • Ingestion points: The metadataJson command-line argument and the contents of the file specified by filePath in scripts/mint.ts.
  • Boundary markers: None identified; the skill does not use delimiters or instructions to prevent the agent from being influenced by embedded commands in the processed data.
  • Capability inventory: The skill can write to the blockchain via inscribe.execute, potentially inscribing malicious payloads.
  • Sanitization: The script uses JSON.parse for metadata validation and encodes file content into Base64 format before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 8, 2026, 05:39 PM
Security Audit — agent-trust-hub — wallet-create-ordinals