aave
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE (flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses `npx fibx@latest` to download and execute code from the public npm registry at runtime. While this is the primary mechanism for the skill's functionality, using the `@latest` tag instead of a pinned version introduces a minor supply chain risk as the package content could change without notice.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands to interact with the Aave protocol. This is the intended design but involves running external binary code on the system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it interpolates user-provided parameters like `amount` and `token` directly into shell commands. Evidence: Ingestion points (`amount`, `token` in SKILL.md), Boundary markers (None), Capability inventory (Subprocess calls via npx), Sanitization (None mentioned in instructions).
Audit Metadata