Description
Is your feature request related to a problem? Please describe.
I am currently auditing the Bittensor SDK for integration with autonomous AI Agents. During my security review, I noticed that transfer_extrinsic in bittensor/core/extrinsics/transfer.py is designed for atomic, silent execution without a built-in interactive confirmation option.
While this design is efficient for automated mining scripts, it presents a significant Insecure Design risk when the SDK is exposed to LLM-based Agents. If an Agent suffers from Indirect Prompt Injection, an attacker can force the Agent to invoke transfer_extrinsic. Since the function executes immediately (assuming the wallet is unlocked in memory), funds can be drained instantly without any opportunity for human intervention.
Describe the solution you'd like
I propose adding an optional prompt: bool = False parameter to the transfer_extrinsic signature.
If prompt=True is passed, the SDK should enforce a console confirmation (e.g., using rich.prompt.Confirm) before signing and sending the extrinsic.
Describe alternatives you've considered
Developers can implement their own wrappers. However, incorporating this as a standard safety primitive in the Core SDK would promote "Secure by Design" principles, helping developers protect their AI Agents against wallet-draining attacks out of the box.
Additional context
This missing guardrail pattern was identified as part of a broader security research initiative into Crypto-AI Agent vulnerabilities.
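A sketch of the developer-side wrapper mentioned under the alternatives, added here as an example; it is not part of the original issue and not Bittensor code. `guarded_transfer`, `console_confirm`, `TransferDenied` and the `destination`/`amount` keyword names are hypothetical, `transfer_fn` stands in for the SDK's transfer function, and unlike the proposed `prompt: bool = False` this wrapper prompts by default and refuses when no terminal is attached.

```python
import sys
from typing import Any, Callable


class TransferDenied(Exception):
    """Raised when a transfer was not explicitly approved by a human."""


def console_confirm(message: str) -> bool:
    """Ask on the terminal; refuse when nobody can answer."""
    if not sys.stdin.isatty():
        return False  # fail closed: headless agent run, no human present
    return input(f"{message} [y/N]: ").strip().lower() == "y"


def guarded_transfer(
    transfer_fn: Callable[..., Any],
    *,
    destination: str,
    amount: float,
    prompt: bool = True,
    confirm: Callable[[str], bool] = console_confirm,
    **kwargs: Any,
) -> Any:
    """Call transfer_fn only after a human approves destination and amount.

    transfer_fn is a stand-in for the SDK call; its real signature is not
    shown in the issue, so the keyword names used here are assumptions.
    """
    if prompt:
        # repr() exposes newlines or control characters that injected text
        # could use to disguise the real destination in the prompt.
        question = f"Transfer {amount!r} to {destination!r}?"
        if not confirm(question):
            raise TransferDenied(f"not approved: {question}")
    return transfer_fn(destination=destination, amount=amount, **kwargs)
```

Passing `confirm=rich.prompt.Confirm.ask` gives the console prompt the issue suggests; keep `confirm` out of anything the Agent itself can set or answer.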