siwe
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
iron-sessionpackage from the official NPM registry to handle encrypted cookie-based sessions. This is a standard dependency for the stated functionality. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external Ethereum wallets.
- Ingestion points: The
/api/siwe/verifyAPI route inpackages/nextjs/app/api/siwe/verify/route.tsacceptsmessageandsignaturestrings from the request body. - Boundary markers: The implementation lacks explicit boundary markers or instructions to the agent to ignore potentially malicious content embedded within user-controlled fields of the SIWE message, such as the
statementoruri. - Capability inventory: The skill uses the ingested data for signature verification. Although it does not directly perform dangerous system operations using this data, the resulting authenticated session state determines the user's identity and permissions for subsequent agent actions.
- Sanitization: The implementation uses the
viem/siwelibrary to parse and verify the message, which provides structural and cryptographic validation but does not sanitize the natural language content for potential prompt injection attacks.
Audit Metadata