@2004/erc-8004

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE (flags: PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches and processes untrusted data from external sources.
      • Ingestion points: The get_agent function in _identity.py and read_all_feedback in _reputation.py retrieve data from arbitrary remote URLs (via tokenURIs) and blockchain logs.
      • Boundary markers: The skill does not implement boundary markers or instructions for the agent to ignore potentially malicious content within the fetched registration files or feedback strings.
      • Capability inventory: The skill has the capability to perform on-chain transactions using send_contract_tx in _utils.py via the platform's wallet tool.
      • Sanitization: No sanitization or validation of the fetched JSON content is performed beyond standard parsing.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to retrieve configuration and registration files from remote servers.
      • Evidence: In _identity.py, the get_agent function uses urllib.request.urlopen to download data from http, https, and ipfs (via the ipfs.io gateway) based on the token_uri found on the blockchain.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 11:46 AM
Security Audit — agent-trust-hub — @2004/erc-8004