Skills
skills/merit-systems/agentcash-skills/agentcash-onboarding/Gen Agent Trust Hub

agentcash-onboarding

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using npx to perform onboarding and check wallet status.
  • [COMMAND_EXECUTION]: Potential command injection surface detected in SKILL.md. * Ingestion points: User-provided invite codes (e.g., <invite-code>). * Boundary markers: Absent; the input is interpolated directly into the shell command string. * Capability inventory: Uses npx for subprocess execution. * Sanitization: Absent; the skill lacks instructions to escape or validate user input before shell execution.
  • [EXTERNAL_DOWNLOADS]: The skill uses npx to download and run the agentcash package from the official npm registry, which is a well-known service.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 04:48 PM