styx
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Provides a CLI interface for managing Bitcoin deposits, enabling the agent to perform complex financial operations including transaction preparation, signing, and broadcasting.
- [CREDENTIALS_UNSAFE]: Accesses the wallet's Bitcoin private keys to sign transactions locally. This sensitive operation is necessary for the skill's primary function and occurs entirely within the local execution environment without transmitting keys to external services.
- [EXTERNAL_DOWNLOADS]: Fetches protocol configuration, pool status, and network fee estimates from the Styx API and mempool.space. These are well-known services relevant to the skill's functionality.
- [PROMPT_INJECTION]: The skill processes structured data from external APIs (pool status, transaction preparation) which presents a surface for indirect instructions. However, the risk is minimal due to the structured nature of the data and use-case specific logic.
- Ingestion points: Data retrieved from styxSDK and MempoolApi in styx/styx.ts.
- Boundary markers: None explicitly present in the raw output, though structured JSON is used for agent interaction.
- Capability inventory: Local transaction signing and network broadcasting via mempool.space.
- Sanitization: Numerical data is validated and rounded, though string fields from the SDK are passed to the agent's output.
Audit Metadata