agentcash-onboarding
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses
npx agentcash@latestto download and execute the AgentCash command-line interface from the NPM registry. This is the official distribution method for the tool described in the skill's purpose. - [COMMAND_EXECUTION]: The skill instructions direct the agent to run various shell commands, including
onboard,wallet info, andwallet redeem. These commands interact with the local environment and the AgentCash network to manage cryptographic wallets and service discovery. - [PROMPT_INJECTION]: The skill processes user-provided invite codes as parameters for shell commands (e.g.,
npx agentcash@latest onboard <invite-code>). While this represents an ingestion point for untrusted data into a command-line capability, it is a standard operational requirement for the tool. No specific sanitization or boundary markers are defined in the markdown, but the risk is consistent with standard CLI tool usage.
Audit Metadata