monero-wallet

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a Python script (scripts/monero_wallet_rpc.py) to manage Monero transactions. This script interacts with a local Monero gateway using the requests library to perform financial operations.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its handling of the XMR402 protocol.
      • Ingestion points: The agent is instructed in SKILL.md to parse WWW-Authenticate headers from external, potentially untrusted web servers.
      • Boundary markers: Absent. The instructions require the agent to strictly follow the challenge parameters provided by the external server.
      • Capability inventory: The skill possesses the capability to perform financial transfers (transfer) and pay protocol challenges (pay-402) via the monero_wallet_rpc.py script.
      • Sanitization: The Python script validates that the amount is a float, but it does not implement destination whitelisting or user-confirmation gates for the address and amount provided by the external source.
  • [DATA_EXFILTRATION]: The skill handles a sensitive AGENT_API_KEY. It employs security best practices by hardcoding the destination URL to 127.0.0.1 and disabling environment-based proxy settings (trust_env=False), which prevents the accidental transmission of credentials to external or attacker-controlled servers.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 6, 2026, 03:13 AM
Security Audit — agent-trust-hub — monero-wallet