authenticate-wallet
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill relies on `npx awal@latest` for its core functionality. `npx` fetches the specified package from the npm registry and executes it immediately. Since the 'awal' package is not from a trusted organization, this mechanism can be used to execute arbitrary malicious code on the system. Using the `@latest` tag further increases risk as the code can change at any time without a lockfile.
- PROMPT_INJECTION (HIGH): The skill exhibits a high surface for Indirect Prompt Injection.
  - Ingestion points: The skill explicitly instructs the agent to read the user's email to retrieve OTP codes (SKILL.md).
  - Boundary markers: No markers or safety instructions are provided to help the agent distinguish between the OTP code and potentially malicious instructions embedded in the email.
  - Capability inventory: The agent is granted the ability to run multiple CLI commands through `Bash`, including wallet authentication and balance checks.
  - Sanitization: There is no mention of sanitizing or validating the email content before processing. An attacker could send an email that tricks the agent into performing unauthorized wallet operations.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill downloads and runs an unpinned, third-party package from an external registry (npm).
Recommendations
- AI detected serious security threats
Audit Metadata