agent-payments
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: In references/wallets.md, the skill directs the agent to download and immediately execute a shell script from https://presto-binaries.tempo.xyz/install.sh. This pattern executes remote code without prior verification of the script contents or the source domain.
- [EXTERNAL_DOWNLOADS]: In references/wallets.md, the skill uses the awal package via npx to handle wallet authentication and payments on the Base network. This is the Coinbase Agentic Wallet tool, a well-known service.
- [COMMAND_EXECUTION]: The skill relies on several CLI tools, including curl, presto, and awal, to manage GraphQL queries and perform wallet operations.
- [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection because it processes GraphQL responses from graph.codex.io and subsequently executes shell commands as part of its workflow.
  1. Ingestion points: GraphQL API responses from https://graph.codex.io/graphql.
  2. Boundary markers: No delimiters or instructions are provided to distinguish trusted instructions from untrusted data returned by the API.
  3. Capability inventory: Access to shell execution via curl, presto, and npx awal.
  4. Sanitization: No explicit validation or sanitization of the remote API content is performed before it is processed.
Recommendations
- AI detected serious security threats
Audit Metadata