Skills
skills/circlefin/skills/use-agent-wallet/Gen Agent Trust Hub

use-agent-wallet

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the @circle-fin/cli package via the NPM registry. This is an official vendor resource managed by 'circlefin' and is necessary for the skill's primary function.
  • [COMMAND_EXECUTION]: The skill utilizes the circle CLI to perform wallet-related operations including creation, authentication, and balance inspection. These are standard operations for the tool's intended use case.
  • [PROMPT_INJECTION]: The skill identifies a surface for potential indirect prompt injection as it ingests user-provided data (email, OTP) and command output (request ID) for use in subsequent shell commands.
  • Ingestion points: User input (email, OTP) and CLI response data (request ID) processed within the skill flow.
  • Boundary markers: The skill does not specify explicit delimiters or boundary markers for user-provided inputs within the command-line arguments.
  • Capability inventory: The skill utilizes the circle CLI which can perform network operations and modify wallet states.
  • Sanitization: No specific input validation or escaping logic is defined for user-provided strings before command interpolation, relying on the agent's default handling of command arguments.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 11:39 AM