ledger-dmk-implementation
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references official documentation and repositories from the vendor's organization (ledgerhq) on GitHub. These are legitimate resources for the intended developer use case and align with the author's identity.
- [COMMAND_EXECUTION]: The skill provides patterns for executing Ledger hardware commands via the DMK SDK. These commands are gated by mandatory user physical interaction (PIN entry, button presses) and are limited to the scope of device management and cryptographic signing.
- [PROMPT_INJECTION]: The skill includes strong defensive instructions to the agent, such as mandates to never bypass escalation gates (e.g., device lock, user rejection) even if requested by an orchestrator. This strengthens the agent's adherence to the security model.
- [SAFE]: The skill emphasizes 'The device screen is the only trusted display,' which is the primary defense against indirect prompt injection in transaction signing workflows. It also correctly instructs that derivation paths must be treated as constants rather than user-controllable input.
- [SAFE]: Dependencies listed (e.g.,
@ledgerhq/device-management-kit,rxjs) are standard industry libraries and official vendor packages necessary for the skill's functionality.
Audit Metadata