
send

Warn

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to fetch and run the starkfi package from the public NPM registry at runtime.
  • [COMMAND_EXECUTION]: It utilizes the Bash tool to execute shell commands. The use of a wildcard * in the allowed tool definition npx starkfi@latest send * indicates that user input is passed directly to the shell.
  • [REMOTE_CODE_EXECUTION]: The execution pattern npx starkfi@latest downloads and runs remote code, which constitutes a remote code execution vector if the package source is compromised or if the package itself contains malicious logic.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interpolates user-provided data such as recipient and token directly into shell commands.
  • Ingestion points: User input for amount, token, and recipient in SKILL.md.
  • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in the input.
  • Capability inventory: Uses Bash for shell command execution.
  • Sanitization: Absent; the skill does not specify any validation or escaping for the input strings before they are executed in the shell.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 15, 2026, 04:43 PM