agentbox-inference

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, NO_CODE
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to transmit conversation context and user-provided prompts to a third-party, non-whitelisted API endpoint at inference.x402.agentbox.fyi. This domain acts as a proxy for multiple LLM providers, posing a data exposure risk to an external service provider.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and potentially obeys instructions embedded in responses from the external LLM.
    1. Ingestion points: Responses from the chat completions endpoint at inference.x402.agentbox.fyi.
    2. Boundary markers: The skill does not provide any delimiters or instructions for the agent to distinguish between the inference service's response and its own system instructions.
    3. Capability inventory: The agent uses the x_payment tool, which can perform network POST requests and trigger Solana-based USDC transactions.
    4. Sanitization: No sanitization or validation of the remote LLM output is performed before it is used by the agent.
  • [NO_CODE]: The skill is entirely composed of markdown documentation and usage instructions; it does not include any local scripts, binaries, or source code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 09:30 AM