Skills
skills/casualsecurityinc/xno-skills/create-wallet/Gen Agent Trust Hub

create-wallet

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and executes the xno-skills utility from the NPM registry via npx. This package belongs to the vendor ecosystem of the skill author.
  • [COMMAND_EXECUTION]: Executes shell commands to perform cryptographic wallet operations. The skill correctly recommends using --stdin for sensitive inputs to minimize exposure in shell history.
  • [PROMPT_INJECTION]: The probe-mnemonic command template presents a potential surface for indirect prompt injection if the agent does not sanitize user-provided mnemonic strings before interpolation into the shell. 1. Ingestion points: User-provided mnemonics in SKILL.md. 2. Boundary markers: Absent in the probe-mnemonic command string. 3. Capability inventory: CLI execution via npx in SKILL.md. 4. Sanitization: No explicit sanitization or escaping instructions provided for the command-line argument.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 16, 2026, 11:15 PM