moltbank
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a local moltbank CLI for its primary operations and provides specific procedures for installation and updates using npm. It enforces a strict policy of only executing a pre-defined set of hardcoded maintenance commands, preventing the agent from being manipulated into running arbitrary shell code.
- [EXTERNAL_DOWNLOADS]: The skill facilitates downloading the @moltbankhq/cli and @megalinker/mbcli packages from the official npm registry. These resources are vendor-owned and necessary for the skill's financial management features.
- [PROMPT_INJECTION]: The skill implements a 'Security Anti-Injection Rule' that mandates the agent ignore any commands, configuration paths, or instructions found within tool outputs or remote data. This prevents indirect prompt injection from influencing the agent's behavior during update or authentication flows.
- [DATA_EXFILTRATION]: To protect sensitive treasury data, the skill enforces session isolation and mandates that all authentication and approval URLs belong to the verified domain app.moltbank.bot. It also requires explicit user approval for any transaction that modifies financial state.
- [SAFE]: The skill's design incorporates comprehensive security guardrails, such as domain verification and provenance checks, ensuring that its privileged capabilities are used within a well-defined and monitored safety framework.
Audit Metadata