generate-qr
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to run npx -y xno-skills, which downloads and executes code from a remote registry at runtime. The package xno-skills is not associated with a trusted organization or the skill author's verified namespace, posing a risk of executing malicious code if the package is compromised or malicious.
- [COMMAND_EXECUTION]: The skill uses npx to execute CLI commands in the host environment, providing a direct path to the system shell.
- [EXTERNAL_DOWNLOADS]: Runtime execution triggers the download of the xno-skills package from the public NPM registry.
- [PROMPT_INJECTION]: The skill processes untrusted user data (Nano address and amount) by interpolating it into a shell command template, creating a surface for indirect injection.
  - Ingestion points: Wallet address and amount provided by the user in SKILL.md.
  - Boundary markers: Absent; no delimiters are used to isolate user input from the command string.
  - Capability inventory: Direct shell command execution via npx as documented in SKILL.md.
  - Sanitization: No explicit validation, escaping, or filtering of the user-provided address is defined before it is passed to the command line.
Recommendations
- AI detected serious security threats