Skills
skills/ahmetenesdur/fibx-agentic-wallet-skills/send/Gen Agent Trust Hub

send

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run CLI commands for sending tokens and checking balances.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx fibx@latest, which triggers a download of the fibx package from the npm registry at runtime. Using the @latest tag is a security risk as it always pulls the newest version, which could contain malicious updates or be subject to supply-chain attacks.
  • [REMOTE_CODE_EXECUTION]: Commands executed via npx run code downloaded from a remote repository (npm) on the local system without manual version verification.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection where malicious user input could lead to command injection. User-provided values for amount, recipient, and token are directly placed into bash command strings.
  • Ingestion points: User-provided parameters for transaction details processed via the send command in SKILL.md.
  • Boundary markers: No delimiters or instructions are used to separate user input from the command structure or to instruct the agent to ignore embedded shell metacharacters.
  • Capability inventory: The agent has the capability to execute shell commands via the Bash() tool specified in the allowed-tools section of SKILL.md.
  • Sanitization: There is no evidence of input validation, escaping, or sanitization for the user-provided fields before they are interpolated into the shell execution string.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 15, 2026, 09:24 AM
Security Audit — agent-trust-hub — send