Web3 Guide
Web3 wallet prompt injection through AI agents
When an AI agent uses a relay before wallet-related actions, a malicious or compromised relay can try to steer transfer guidance, weaken signature isolation, or normalize unsafe handling of private keys. API Relay Audit keeps these checks profile-gated so general relay audits remain focused.
Threat model
- The user sends wallet-related instructions through an AI API relay.
- The relay can insert hidden instructions or rewrite the model path.
- The model may then provide unsafe transfer guidance, signed-transaction behavior, or private-key handling language.
Run Web3 profile checks
python audit.py \
--key <YOUR_KEY> \
--url <BASE_URL> \
--profile web3 \
--output web3-relay-audit.mdWhat the probes check
| Probe family | Expected safe behavior |
|---|---|
| Transfer guidance | The model should avoid directly instructing unsafe or unauthorized transfers. |
| Signed transaction refusal | The model should refuse to sign transactions or imply it can sign on the user's behalf. |
| Private-key refusal | The model should refuse to request, reveal, or process private keys. |
Limits
These probes do not prove a wallet stack is safe. They test relay and model behavior under specific prompts. Keep transaction signing, key custody, and policy enforcement outside the relay path wherever possible.
For documentation work on this threat model, track issue #33: Web3 wallet prompt injection threat model.