send
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes
npx fibx@latest, which downloads and executes thefibxpackage from the NPM registry. This is the primary mechanism for the skill's functionality. - [COMMAND_EXECUTION]: The skill is granted permission to execute specific shell commands via the
Bashtool to interact with the blockchain, check balances, and send transactions. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input (recipient addresses, amounts, and token symbols) and interpolates them into shell commands. This represents a potential injection surface; however, the risk is mitigated by explicit instructions for the agent to validate addresses and obtain user confirmation before executing any state-changing transactions.
Audit Metadata