search-for-service

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform service searches via a command-line interface.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx agnic@latest, which dynamically downloads the author's official CLI tool from the npm registry. As the tool is associated with the vendor 'agnicpay', this is considered legitimate vendor functionality.
  • [PROMPT_INJECTION]: Search queries provided by the user are directly interpolated into a bash command (npx agnic x402 search "<query>"). This creates a surface for command injection if malicious strings are provided.
      • Ingestion points: The <query> parameter within the search commands in SKILL.md.
      • Boundary markers: The input is enclosed in double quotes, providing only superficial protection against shell escaping.
      • Capability inventory: The skill utilizes the Bash tool for core functionality.
      • Sanitization: There is no evidence of input validation or sanitization for the search query parameter.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 03:34 PM