skills/sendaifun/skills/debridge/Gen Agent Trust Hub

debridge

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the deBridge Solana SDK directly from the official deBridge Finance GitHub repository using the cargo dependency manager (github.com/debridge-finance/debridge-solana-sdk.git).
  • [DATA_EXFILTRATION]: The skill exposes functions for sending arbitrary data buffers across blockchains (send_message, invoke_debridge_send). While this is the intended purpose of the protocol, it enables the transmission of data from the agent's environment to external networks.
  • [PROMPT_INJECTION]: The skill implements cross-chain message processing, which creates an indirect prompt injection surface where the agent may ingest data containing malicious instructions from other blockchains.
      • Ingestion points: The receive_message and receive_governance functions in examples/message-passing/README.md are entry points for untrusted data from external chains.
      • Boundary markers: The provided code examples lack boundary markers or explicit instructions for the agent to ignore command-like content within received messages.
      • Capability inventory: The skill enables cross-chain transfers and arbitrary contract calls (invoke_debridge_send, invoke_init_external_call) which could be triggered by processed data.
      • Sanitization: No payload validation or instruction filtering is implemented in the provided message processing examples.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 12:04 PM