data
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data retrieved from the Stellar blockchain, such as ledger entries, transaction histories, and contract events. This creates a surface for indirect prompt injection if the agent processes malicious strings embedded in blockchain records.
- Ingestion points: Data enters the context via
rpc.getEvents,rpc.getLedgerEntries, and Horizon endpoints likeserver.transactions().forAccount(publicKey). This data originates from on-chain activity which can be controlled by any network participant. - Boundary markers: The skill lacks explicit instructions or delimiters (like XML tags or markdown blocks with 'ignore' directives) to differentiate between verified instructions and untrusted data fetched from the chain.
- Capability inventory: The skill possesses the capability to simulate transactions (
rpc.simulateTransaction), submit signed transactions to the network (rpc.sendTransaction,server.submitTransaction), and poll for state changes. - Sanitization: There is no evidence of content sanitization or validation of the fetched blockchain data before it is presented to the agent's context.
- [EXTERNAL_DOWNLOADS]: The skill relies on official Stellar development resources and standard package registries.
- Dependencies: The skill instructions demonstrate usage of the official
@stellar/stellar-sdkpackage. - Network References: The skill connects to official network endpoints including
https://soroban-testnet.stellar.org,https://horizon.stellar.org, and public infrastructure repositories on GitHub.
Audit Metadata