agent-payments

Fail

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Downloads an installation script for the 'presto' CLI tool from an external domain (https://presto-binaries.tempo.xyz/install.sh).
  • [REMOTE_CODE_EXECUTION]: Uses the dangerous curl | bash pattern to install the 'presto' utility, which executes remote code without any verification or integrity checks.
  • [COMMAND_EXECUTION]: Invokes npx to dynamically fetch and execute the awal package, allowing unverified third-party code to run in the environment.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from the Codex Supergraph GraphQL API.
      • Ingestion points: GraphQL query responses from https://graph.codex.io/graphql (found in SKILL.md).
      • Boundary markers: Absent; the skill does not use delimiters or instructions to ignore embedded commands in the API response.
      • Capability inventory: Includes shell command execution via curl, npx, and the presto CLI (found in references/wallets.md).
      • Sanitization: No evidence of sanitization or validation of the data received from the external API before it is processed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 17, 2026, 09:11 PM