Skills
skills/fibrous-finance/fibx-skills/tx-status/Gen Agent Trust Hub

tx-status

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes npx to fetch the fibx package from the public npm registry during runtime execution.
  • [REMOTE_CODE_EXECUTION]: The fibx package retrieved via npx is executed within the agent's environment to perform transaction queries.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute shell commands for the fibx CLI, passing user-provided parameters directly to the shell.
  • [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection or command injection due to unsafe interpolation of untrusted data.
  • Ingestion points: The hash and chain parameters provided by users are used to build shell commands in SKILL.md.
  • Boundary markers: No delimiters or safety instructions are used to isolate the user-provided parameters within the shell command string.
  • Capability inventory: The skill possesses the ability to execute arbitrary Bash commands through the npx execution path defined in the allowed-tools section.
  • Sanitization: The skill does not implement validation or escaping mechanisms for the hash or chain inputs, which could allow an attacker to execute additional shell commands if the inputs are not strictly formatted as expected hex strings or alphanumeric chain names.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 19, 2026, 04:24 PM