crow
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Findings: NO_CODE, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [NO_CODE]: This skill is composed exclusively of Markdown documentation and instructional guides; it contains no executable code files or scripts.
- [COMMAND_EXECUTION]: The instructions guide the agent to perform network operations using `curl` to interact with the service API at `api.crowpay.ai` for wallet setup and payment authorization.
- [PROMPT_INJECTION]: The skill instructs agents to ingest and process the body of HTTP 402 "Payment Required" responses from external APIs. This creates a surface for indirect prompt injection, as a malicious external service could embed instructions within the payment metadata.
  - Ingestion points: Data from external HTTP 402 responses is ingested into the agent context as described in `SKILL.md` and `references/x402-flow.md`.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the documentation for handling the external JSON payload.
  - Capability inventory: The skill uses `curl` for making authorized network requests to the payment provider.
  - Sanitization: The documentation does not describe sanitization or validation of the external payment request object before forwarding it to the authorization endpoint.
- [EXTERNAL_DOWNLOADS]: The documentation references the installation of additional tools from the vendor's GitHub repository (`github.com/Fallomai/skills`) using the `npx` package runner.
Audit Metadata