omni-x402
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill utilizes
npx awal@latest, which dynamically downloads and executes code from the npm registry at runtime. As the author/package is not part of the trusted organization list, this presents a supply chain risk where the package could be updated to include malicious functionality. - COMMAND_EXECUTION (LOW): The skill leverages the Bash tool to execute CLI commands for authentication, wallet funding, and API interaction. While necessary for the skill's purpose, it expands the agent's local execution surface.
- INDIRECT PROMPT INJECTION (LOW): The skill processes social media data (tweets, bios, posts) which can contain malicious instructions designed to manipulate the agent's logic.
- Ingestion points: Data retrieved from
omniapi-production-7de2.up.railway.app(Twitter/Instagram content). - Boundary markers: Absent. The skill does not provide delimiters to differentiate between service data and potential embedded instructions.
- Capability inventory: Subprocess execution via Bash tool (npx, curl).
- Sanitization: Absent. No evidence of input validation or escaping for the data fetched from social media APIs.
Audit Metadata