config
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npxto download and run the latest version of thefibxpackage from the NPM registry. This is the standard method for using the vendor's CLI utility. - [COMMAND_EXECUTION]: Execution is restricted to the
fibx configcommand suite via the Bash tool. This allows the agent to set, get, and list configuration parameters. - [DATA_EXPOSURE]: The skill reads from and writes to a local configuration file (typically
~/.config/fibx/config.json). This is a legitimate use case for persisting CLI settings such as RPC URLs across sessions. - [SAFE]: Evaluation of potential indirect prompt injection surface: 1. Ingestion points: User-provided
urlandchainparameters in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Subprocess calls via the Bash tool. 4. Sanitization: URL format validation is performed by the CLI tool before persistence.
Audit Metadata