use-agently
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
use-agentlyCLI globally via NPM (npm install -g use-agently@latest). This is a vendor-owned package from the 'agentlyhq' organization. - [COMMAND_EXECUTION]: The skill's primary functionality is delivered through the execution of the
use-agentlyCLI tool with various arguments, including health checks, wallet management, and protocol-specific interactions (A2A, MCP). - [CREDENTIALS_UNSAFE]: The
use-agently initcommand generates an EVM private key which is stored in plain text within a configuration file at~/.use-agently/config.json. This file contains sensitive financial credentials used to authorize payments on the Base network. - [REMOTE_CODE_EXECUTION]: The skill includes a
use-agently updatecommand designed to download and execute the latest version of the CLI tool, facilitating a self-update mechanism from remote sources. - [PROMPT_INJECTION]: The documentation contains an instruction directing the AI agent to disregard the provided markdown syntax in favor of output generated by the CLI's help commands ("Do NOT rely on this document... The CLI is the source of truth").
Audit Metadata