balance
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses npx to download and run the fibx package from the official npm registry. This is the intended behavior for the tool's deployment as specified by the vendor author.
- [COMMAND_EXECUTION]: The skill executes shell commands via Bash to interact with the fibx CLI for balance and status checks. The inclusion of a wildcard in the allowed-tools configuration provides a broad surface for command argument interaction.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes data directly from external blockchain networks.
- Ingestion points: Data returned from the fibx balance command, which includes token names and metadata from the blockchain.
- Boundary markers: Not present; the instructions do not define delimiters or specific warnings to ignore instructions embedded in the balance data.
- Capability inventory: Permission to execute shell commands via the fibx CLI.
- Sanitization: Not present; the skill lacks explicit validation or escaping of the blockchain data before it is interpreted by the agent.
Audit Metadata