Skills
skills/agnicpay/agnic-wallet-skills/trade-tokens/Gen Agent Trust Hub

trade-tokens

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx agnic@latest to download and execute the AgnicPay command-line interface from the NPM registry. This package is provided by the vendor to facilitate the skill's primary trading functions.
  • [COMMAND_EXECUTION]: The skill employs the Bash tool to run commands for checking balances and performing trades. It follows best practices by recommending a --dry-run to the user before final execution.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it handles untrusted user input for token names and amounts.
  • Ingestion points: User-supplied parameters for <amount>, <sell_token>, and <buy_token> in SKILL.md.
  • Boundary markers: None present.
  • Capability inventory: Command execution via Bash in SKILL.md.
  • Sanitization: No input validation or filtering is defined in the skill logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 03:34 PM