pay-for-service

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Uses npx to fetch and execute the awal package at a specific version (2.8.2) from the public npm registry. This package is part of the vendor's officially supported Agent Wallet infrastructure.
  • [COMMAND_EXECUTION]: Executes shell commands to manage wallet status, check balances, and process payments. The skill includes a dedicated 'Input Validation' section that instructs the agent to sanitize user-provided URLs and JSON payloads, specifically checking for shell metacharacters and using single quotes to prevent injection.
  • [DATA_EXFILTRATION]: Performs network requests to process payments at endpoints specified by the user or discovered via search. This activity is the core intended purpose of the skill and is governed by user-defined parameters.
  • [PROMPT_INJECTION]:
    • Ingestion points: The skill processes untrusted external data via user-provided URLs, JSON request bodies (-d), and custom headers (-h) in SKILL.md.
    • Boundary markers: Instructions require the agent to wrap data and parameters in single quotes to prevent shell variable expansion or command substitution.
    • Capability inventory: The skill utilizes the Bash tool to execute commands through npx awal as defined in SKILL.md.
    • Sanitization: The agent is explicitly told to validate URL syntax, reject characters like semicolons and pipes, and ensure input is valid JSON before command construction.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 04:27 AM