balance
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses 'npx fibx@latest', which downloads and executes the most recent version of the fibx package from the npm registry during runtime.
- [EXTERNAL_DOWNLOADS]: Fetches executable code from the public npm repository, which is a well-known service.
- [COMMAND_EXECUTION]: Utilizes the Bash tool to run CLI commands for blockchain interactions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the 'chain' parameter or additional arguments in the bash command. Ingestion points: User input provided for the chain name or wildcard arguments in npx fibx@latest balance *. Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present in the command execution string. Capability inventory: The skill has the ability to execute shell commands via Bash. Sanitization: There is no evidence of escaping, validation, or filtering of external content before it is interpolated into the shell command.
Audit Metadata