trade
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and executes the 'fibx' package from the public npm registry using the `npx` package runner at runtime.
- [COMMAND_EXECUTION]: Utilizes the `Bash` tool to execute shell commands for token swaps, balance checks, and transaction status monitoring.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by interpolating untrusted user input into shell commands.
  - Ingestion points: User-supplied values for `<amount>`, `<from_token>`, `<to_token>`, and `<chain>` parameters defined in the `SKILL.md` command templates.
  - Boundary markers: Absent; the skill does not define delimiters or provide instructions to ignore embedded commands within the user-supplied data.
  - Capability inventory: The skill has the capability to execute shell commands via the `Bash` tool, including operations that involve network access (`npx`) and financial transactions (`trade`).
  - Sanitization: No explicit sanitization, validation, or escaping logic is defined in the skill instructions to mitigate malicious input in the command arguments.
Audit Metadata