pay-for-service

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill relies on npx awal@latest to perform core functions. npx downloads and executes code from the npm registry at runtime. The awal package is not provided by a trusted organization (as defined in the analysis guidelines), posing a risk of supply chain attacks or malicious code updates being executed by the agent.
  • Command Execution (LOW): The skill is designed to execute bash commands via npx. While the allowed-tools are restricted to the awal CLI, vulnerabilities in the CLI's argument parsing or the package's logic could be exploited.
  • Indirect Prompt Injection (LOW):
      • Ingestion points: The x402 pay command fetches data from external, potentially attacker-controlled URLs.
      • Boundary markers: Absent; there are no delimiters or explicit instructions for the agent to ignore instructions embedded in the API responses.
      • Capability inventory: The agent has the ability to execute bash commands, manage wallet balances, and interact with network endpoints.
      • Sanitization: Absent; output from external service calls is processed without visible sanitization or validation filters.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 10:34 AM