trade
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches and executes the
fibxcommand-line utility from the npm registry usingnpx. This is a routine operation for ensuring the latest exchange rates and route aggregation logic are utilized. - [COMMAND_EXECUTION]: Utilizes bash commands to interact with the Fibrous protocol for trading, checking connectivity, and querying wallet balances. Execution is constrained to the verified
fibxtoolset. - [PROMPT_INJECTION]: The skill accepts user-provided parameters such as token names and amounts, which are interpolated into shell commands. This creates an indirect prompt injection surface; however, the risk is limited to the functionality provided by the specific CLI tool and is considered low-risk for the intended transaction use-case.
Audit Metadata