tx-status
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes
npxto fetch and execute thefibxpackage from the NPM registry at runtime. - [COMMAND_EXECUTION]: The skill is configured to execute shell commands using the
npx fibx@latest tx-statuscommand, which allows for querying on-chain data. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to the ingestion of untrusted external data.
- Ingestion points: Transaction hashes and the resulting receipt data (such as explorer links and block details) are fetched from external blockchain networks.
- Boundary markers: The instructions do not define clear boundaries or delimiters to isolate the transaction data from the agent's instruction context.
- Capability inventory: The skill has access to the system shell via the Bash tool to execute CLI commands.
- Sanitization: There is no explicit evidence of sanitization or validation performed on the external data retrieved from the blockchain before it is processed by the agent.
Audit Metadata