cardexscan-p2p
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted user input such as blockchain addresses, asset policy IDs, and amounts through CLI arguments and passes them to a marketplace client for Cardano operations. This creates an indirect prompt injection surface where malicious input could potentially influence the logic of the underlying client library. \n
- Ingestion points: CLI arguments in scripts/create-offer.js, scripts/fill-offer.js, scripts/cancel-offer.js, and scripts/my-offers.js. \n
- Boundary markers: None present in the scripts to isolate user-provided data from the execution context. \n
- Capability inventory: Performs state-changing operations on the Cardano blockchain, including creating, filling, and cancelling marketplace offers. \n
- Sanitization: Uses basic numeric conversion (parseInt) for some inputs, but lacks robust validation or sanitization for blockchain-specific identifiers like addresses and policy IDs. \n- [COMMAND_EXECUTION]: The skill defines and executes Node.js scripts via CLI to interact with the marketplace. While it uses argument passing rather than shell interpolation, it depends on an external script (../../../scripts/cardexscan-client.js) located outside the skill's root directory to perform its core functions.
Audit Metadata