balance
Warn
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses npx fibx@latest across its commands and examples. This results in the agent downloading code from the npm registry during execution, which may introduce unvetted third-party code into the environment.
- [REMOTE_CODE_EXECUTION]: By calling npx, the skill executes code fetched from a remote repository at runtime. This pattern is risky because the contents of the 'latest' version of a package can change without notice or security review.
- [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute shell commands, specifically invoking the npx utility. This provides a direct path for the agent to run arbitrary system commands if the command parameters are not strictly controlled.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by fetching and displaying blockchain data (such as token names and native balances). This untrusted external data could contain malicious instructions designed to manipulate the agent's behavior in subsequent steps of a workflow.
- Ingestion points: Output from the npx fibx@latest balance and npx fibx@latest status commands in SKILL.md.
- Boundary markers: No delimiters or warnings are used to encapsulate the output from the blockchain tools.
- Capability inventory: The skill possesses the capability to execute shell commands via the Bash tool.
- Sanitization: There is no evidence of sanitization or validation performed on the blockchain data before it is returned to the agent's context.
Audit Metadata