trade
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to executenpx awal@2.8.2 tradefor processing cryptocurrency swaps. To mitigate risks of shell injection, the instructions provide the agent with precise regular expressions to validate user-supplied amounts, token identifiers, and slippage values before the command is constructed. - [EXTERNAL_DOWNLOADS]: The skill dynamically downloads the
awalpackage vianpxfrom the npm registry. This package is an official utility provided by the skill's author, Coinbase, and the use of a pinned version (@2.8.2) prevents unexpected behavior from package updates.
Audit Metadata