Skills
skills/coinbase/agentic-wallet-skills/send-usdc/Gen Agent Trust Hub

send-usdc

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill uses npx awal@latest, which downloads and executes code from the npm registry. The awal package is not provided by any of the trusted organizations or repositories defined in the security framework.
  • REMOTE_CODE_EXECUTION (HIGH): By invoking npx, the skill performs remote code execution of an unverified package. This package has access to the agent's execution environment, which is particularly dangerous given the tool's purpose of managing cryptocurrency wallets.
  • COMMAND_EXECUTION (MEDIUM): User-supplied data (amount and recipient) is interpolated directly into a bash command string. While the documentation suggests single-quoting the amount, there is no technical enforcement of sanitization, creating a risk of command injection if a user provides a malicious recipient string (e.g., ; rm -rf /).
  • INDIRECT_PROMPT_INJECTION (LOW): The skill lacks sufficient boundary markers when processing untrusted user input for blockchain transactions.
  • Ingestion points: User-provided amount and recipient arguments in SKILL.md.
  • Boundary markers: Absent; no delimiters are used to separate user input from the command structure.
  • Capability inventory: Execution of bash commands via npx with access to wallet authentication states.
  • Sanitization: Minimal; relies on instructional guidance for the agent to use single quotes rather than programmatic escaping.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 21, 2026, 10:34 AM