bloque-sdk-ts

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides legitimate documentation for the Bloque SDK. All external resources, including the @bloque/* package scope and example URLs, align with the vendor's identity.
  • [PROMPT_INJECTION]: The skill documents an indirect prompt injection surface associated with processing external financial data but provides robust mitigation guidelines.
  • Ingestion points: Webhook payloads (references/webhooks.md) and transaction movement metadata (references/transfers.md).
  • Boundary markers: Explicit 'Security Boundaries' are defined in SKILL.md and 'Trust Boundary' warnings are included in references/webhooks.md.
  • Capability inventory: Capabilities are limited to financial API calls through the SDK; no dangerous system commands or dynamic evaluations are documented.
  • Sanitization: The documentation includes an explicit example of a sanitization function (sanitizeMovementMetadata in references/accounts.md) to handle external merchant data safely.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 01:26 AM
Security Audit — agent-trust-hub — bloque-sdk-ts