Skills
skills/casualsecurityinc/xno-skills/nano-request-payment/Gen Agent Trust Hub

nano-request-payment

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches the xno-skills and @open-wallet-standard/core packages from the npm registry during execution.
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute code from the npm registry using npx -y, bunx -y, or pnpm dlx. It specifically requests the @latest version of xno-skills, meaning the executed code is not pinned to a specific hash or version.
  • [PROMPT_INJECTION]: The skill processes untrusted user input that could lead to indirect prompt injection.
  • Ingestion points: The reason and walletName parameters in the payment_request_create tool are populated by user-provided text.
  • Boundary markers: No delimiters or instructions are provided to the agent to treat this data as untrusted.
  • Capability inventory: The agent can check balances, create payment requests, and broadcast blocks to receive funds using the xno-skills CLI.
  • Sanitization: No validation or sanitization of the input strings is mentioned in the instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
May 3, 2026, 05:24 AM