agnic
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill dynamically fetches and executes the 'agnic' package from the official NPM registry. This is a standard delivery mechanism for the vendor's own CLI tool.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to process data from untrusted external sources while maintaining access to sensitive capabilities.
- Ingestion points: Untrusted content enters the agent's context through retrieved emails ('email inbox') and responses from external service providers during paid API interactions ('x402 pay').
- Boundary markers: The instructions lack specific boundary markers or delimiters to help the agent distinguish between its core instructions and data retrieved from external sources.
- Capability inventory: The agent is authorized to perform high-impact financial actions, including transferring tokens ('send'), executing trades ('trade'), and managing communications ('email send', 'email reply').
- Sanitization: No explicit sanitization, validation, or filtering processes are described for handling the content ingested from the inbox or API endpoints.
Audit Metadata