agentbox-inference

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to https://inference.x402.agentbox.fyi to access LLM inference services.
  • [EXTERNAL_DOWNLOADS]: The skill specifies a requirement for the openclaw binary in its metadata.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes user input and sends it to an external LLM, potentially allowing malicious content in model responses to influence the agent.
      • Ingestion points: User content is ingested through the messages array in the x_payment tool's request body in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions are provided to the model to ignore or isolate instructions contained within the message history.
      • Capability inventory: The agent context has access to the x_payment tool, which can execute financial transactions on the Solana blockchain and perform network requests.
      • Sanitization: The skill lacks mechanisms to sanitize or validate input messages or the responses received from the external inference provider.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 07:44 PM