Skills
skills/ahmetenesdur/starkfi/send/Gen Agent Trust Hub

send

Warn

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx starkfi@latest within its commands and allowed-tools configuration, which fetches the starkfi package from the NPM registry at runtime.
  • [REMOTE_CODE_EXECUTION]: By invoking npx with the @latest tag, the skill executes remote code that is not pinned to a specific version, allowing the behavior of the skill to change if the remote package is updated or compromised.
  • [COMMAND_EXECUTION]: User-provided inputs (amount, token, recipient) are directly interpolated into bash commands. The allowed-tools configuration uses a wildcard (*), which allows the execution of arbitrary arguments if not properly handled by the agent.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection and command injection through untrusted data.
  • Ingestion points: amount, token, and recipient parameters defined in SKILL.md are populated from user input.
  • Boundary markers: Absent; there are no delimiters or specific instructions to the agent to treat these inputs as literal data only.
  • Capability inventory: The agent has the capability to execute shell commands via the Bash tool as defined in the allowed-tools section of SKILL.md.
  • Sanitization: Absent; the skill relies on natural language instructions for address validation rather than technical sanitization or escaping of shell arguments.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 5, 2026, 10:14 AM
Security Audit — agent-trust-hub — send