search-for-service
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill uses `npx awal@latest` to execute its core functionality. This pattern downloads and runs code from the npm registry at runtime. Because 'awal' is not a package from a trusted organization (as defined in the security policy), this poses a risk of remote code execution if the package or the registry account is compromised. Using the `@latest` tag further increases risk by automatically opting into unvetted updates.
- [COMMAND_EXECUTION] (LOW): The skill is granted permission to run specific Bash commands. While scoped to the `awal` utility, it relies on the integrity of that external executable.
- [Indirect Prompt Injection] (LOW):
  - Ingestion points: Untrusted data enters the agent context via `npx awal@latest x402 bazaar search` (marketplace descriptions) and `npx awal@latest x402 details <url>` (API schemas and headers from arbitrary third-party URLs).
  - Boundary markers: Absent. The skill does not define delimiters or specific instructions to the agent to treat search results or remote schemas as untrusted data.
  - Capability inventory: The agent has the ability to execute `Bash` commands and potentially use other skills like `pay-for-service` based on the output of this skill.
  - Sanitization: There is no evidence of sanitization or validation of the text returned from the bazaar search or the inspected endpoints.
Audit Metadata