transfer
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied data, specifically destination addresses and token amounts, to perform financial transactions. This creates a surface for potential input manipulation; however, the skill explicitly mandates a manual confirmation step by the user before execution to mitigate this risk.
- Ingestion points: User-provided arguments for
<to-address>,<amount>, and[token-address]in SKILL.md. - Boundary markers: None identified.
- Capability inventory: Financial asset transfers using the
mcp__convex-testnet__transfertool and CVM transaction snippets. - Sanitization: Relies on explicit instructions to confirm all details with the user before any transaction is executed.
Audit Metadata