agenta

Fail

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill setup process includes commands to download and execute scripts directly from the internet using the 'curl | bash' pattern for both the AgentaOS CLI and the 'fnm' tool. While these sources are associated with the vendor and trusted services, piping remote content to a shell is a dangerous execution pattern.
  • [CREDENTIALS_UNSAFE]: The instructions for importing sub-accounts specify passing '--api-key' and '--api-secret' as command-line arguments. Passing secrets in this manner is insecure because the values may be exposed in process monitors, shell history files, or system logs.
  • [PROMPT_INJECTION]: The skill contains strong steering instructions that forbid the agent from searching for outside documentation or using alternative tools. It also directs the agent to execute a 'curl' command to fetch its own instruction file (SKILL.md) from a remote server if it perceives that the current content is incomplete, which creates a vector for remote instruction tampering.
  • [COMMAND_EXECUTION]: The skill functions primarily by instructing the agent to execute various shell commands for financial transactions, account management, and policy enforcement.
  • [EXTERNAL_DOWNLOADS]: Fetches executable scripts and configuration files from external domains (agentaos.ai and vercel.app) during the environment setup phase.
Recommendations
  • HIGH: Downloads and executes remote code from: https://agentaos.ai/install, https://fnm.vercel.app/install - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 27, 2026, 04:59 PM