Skills
skills/ahmetenesdur/starkfi/authenticate-wallet/Gen Agent Trust Hub

authenticate-wallet

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx starkfi@latest to fetch and run the required utility from the public npm registry at runtime. This introduces a dependency on external third-party infrastructure.
  • [REMOTE_CODE_EXECUTION]: Executing unversioned packages via npx with the @latest tag is a form of remote code execution. This behavior creates a supply chain risk, as the package content could be modified in the registry without notice.
  • [COMMAND_EXECUTION]: The skill executes Bash commands that incorporate user-provided inputs like <email> and <code>. This pattern is susceptible to shell command injection if the inputs contain malicious characters.
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection. 1. Ingestion points: User-provided email and code parameters in SKILL.md. 2. Boundary markers: No delimiters or protective instructions are used to separate user data from the system command context. 3. Capability inventory: The skill uses the Bash tool to execute system-level commands. 4. Sanitization: There is no evidence of sanitization, escaping, or validation of user inputs before they are passed to the shell.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 15, 2026, 04:43 PM