aave
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the 'fibx' package from the NPM registry at runtime. This is an external dependency sourced from a well-known public package registry.
- [REMOTE_CODE_EXECUTION]: The skill uses 'npx' to run the latest version of the 'fibx' CLI directly from the NPM registry. This pattern executes remote code in the agent's environment.
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute various commands for interacting with the Aave protocol. These commands are constructed by concatenating action keywords and user-provided parameters.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to the way it handles input parameters in shell commands.
  - Ingestion points: The 'amount' and 'token' parameters in SKILL.md are populated from user input and interpolated into 'Bash' commands.
  - Boundary markers: None; parameters are appended to the command string without any encapsulation or 'ignore' instructions.
  - Capability inventory: The skill possesses the capability to execute shell commands via 'Bash'.
  - Sanitization: There is no evidence of input validation, escaping, or sanitization; a crafted input containing shell metacharacters could therefore alter the executed command.
Audit Metadata