crow
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several
curlcommands to interact with the CrowPay API (https://api.crowpay.ai). These commands facilitate wallet setup, payment authorization, and polling for approval status. - [EXTERNAL_DOWNLOADS]: The instructions recommend installing an additional 'nightmarket' skill from a third-party GitHub repository (
github.com/Fallomai/skills) using thenpx skills addcommand. This involves downloading and integrating code from an external developer. - [DATA_EXFILTRATION]: To facilitate payments, the skill transmits sensitive data to the CrowPay service. This includes API keys generated during setup and the content of HTTP 402 responses from other services, which may contain payment amounts, asset addresses, and recipient details.
- [PROMPT_INJECTION]: The skill processes untrusted data by forwarding full HTTP 402 response bodies from external APIs to the CrowPay service. This represents a potential indirect prompt injection surface.
- Ingestion points: Forwarding of arbitrary HTTP 402 response bodies in the
POST /authorizeendpoint. - Boundary markers: No explicit boundary markers or 'ignore' instructions are provided for the forwarded data.
- Capability inventory: The skill uses
curlfor network requests and implies file system access for saving API keys. - Sanitization: No validation or sanitization of the 402 response body is specified before it is sent to the authorization service.
Audit Metadata