Skills
skills/fluxa-agent-payment/fluxa-ai-wallet-mcp/fluxa-agent-wallet/Gen Agent Trust Hub

fluxa-agent-wallet

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell commands to interact with the @fluxa-pay/fluxa-wallet CLI tool, performing tasks such as mandate creation, payout execution, and wallet configuration.
  • [EXTERNAL_DOWNLOADS]: The agent is instructed to fetch and process remote content from fluxapay.xyz and vercel.app to discover payment-enabled services, check for announcements, and retrieve updated skill definitions.
  • [REMOTE_CODE_EXECUTION]: The skill utilizes npx to run the latest version of its wallet CLI. Documentation also references npx awal@2.0.3, which suggests the execution of versioned command-line tools for service discovery within the x402 bazaar.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists in the SCHEDULED-CHECKIN.md workflow, where the agent is prompted to read and summarize external markdown files (announcement.md, skill.md) to plan actions and provide reports.
  • Ingestion points: Remote URLs hosted on vendor-controlled domains (fluxapay.xyz and vercel.app).
  • Boundary markers: Absent; the agent is instructed to read the full content of the remote files without explicit delimiters or warnings to ignore embedded instructions.
  • Capability inventory: The agent possesses the ability to execute CLI commands and initiate blockchain-based financial transactions.
  • Sanitization: No sanitization or validation of the remote markdown content is implemented before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 04:41 PM