Skills
skills/awp-core/awp-skill/awp/Gen Agent Trust Hub

awp

Warn

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The wallet-raw-call.mjs script utilizes dynamic import() to load Node.js modules from a path computed at runtime using the findAwpWalletDir function.
  • [EXTERNAL_DOWNLOADS]: During the setup process, the skill clones the awp-wallet repository from the vendor's official GitHub account (github.com/awp-core) and executes its install.sh script to provide necessary CLI functionality.
  • [COMMAND_EXECUTION]: Several bundled Python scripts, including preflight.py and awp-daemon.py, use the subprocess module to execute the awp-wallet binary and other internal scripts to manage the protocol state and user wallet.
  • [DATA_EXFILTRATION]: The skill performs network requests to api.awp.sh and mainnet.base.org to query protocol information and submit transaction data via gasless relay endpoints.
  • [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection via the Install Worknet Skill (Q6) and awp announcements features, which ingest content from external URLs. However, the skill includes explicit instructions for the agent to warn users and request confirmation when interacting with third-party sources.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 3, 2026, 02:36 PM