Skills
skills/casualsecurityinc/xno-skills/nano-generate-qr/Gen Agent Trust Hub

nano-generate-qr

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on shell command execution to function, specifically invoking bunx, pnpm dlx, or npx to run the xno-skills utility.
  • [EXTERNAL_DOWNLOADS]: The skill's instructions mandate using the @latest tag (e.g., xno-skills@latest), which causes the agent to download and execute the most recent version of the package from the npm registry at runtime.
  • [PROMPT_INJECTION]: The skill processes untrusted user input by interpolating Nano addresses and payment amounts directly into shell commands. This creates an attack surface for indirect prompt injection or command injection.
  • Ingestion points: User-provided Nano addresses and decimal amounts are passed as arguments to the qr subcommand in SKILL.md.
  • Boundary markers: No explicit shell-level escaping or boundary markers are defined in the command templates.
  • Capability inventory: The skill possesses the capability to execute shell commands and write output to the file system (e.g., /tmp/qr.txt).
  • Sanitization: The documentation claims the underlying CLI tool validates addresses, which serves as a secondary defense but does not eliminate the primary injection surface at the agent instruction level.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 05:24 AM