wallet-overview

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill uses the Bash tool to execute a predefined set of subcommands for the fdx CLI. These commands are restricted to wallet status, profile information, and activity lookups, matching the skill's stated purpose.
  • [DATA_EXFILTRATION] (SAFE): While the skill accesses sensitive financial data like wallet addresses and transaction history, this is necessary for its core functionality. No patterns of unauthorized data exfiltration or hardcoded credentials were detected.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted data from the blockchain (e.g., transaction history and holdings) which could contain malicious instructions in metadata fields like transaction memos or token names.
      • Ingestion points: SKILL.md via fdx call getWalletOverview and fdx call getAccountActivity.
      • Boundary markers: Absent; the skill does not use specific delimiters or instructions to ignore embedded commands in the tool output.
      • Capability inventory: Shell command execution via Bash tool.
      • Sanitization: No sanitization is performed on the data retrieved from the fdx tool before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 19, 2026, 03:45 AM