agentcash-wallet

Warn

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE

Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation instructions guide the user to run 'npx agentcash@latest install', which downloads and executes code from the npm registry. This is an external and unverifiable source for the package.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. The 'agentcash.discover_api_endpoints' tool retrieves 'instructions' from remote API origins (e.g., stableenrich.dev). The skill explicitly directs the agent to follow these instructions, which could allow a malicious API provider to influence agent behavior or attempt exfiltration.
    • Ingestion points: Data enters the context via the 'instructions' field returned by the 'agentcash.discover_api_endpoints' tool.
    • Boundary markers: No delimiters are present around the retrieved data, and nothing warns the agent to ignore instructions within it.
    • Capability inventory: The agent has access to 'agentcash.fetch' (network requests), 'agentcash.get_balance' (financial status), and 'agentcash.redeem_invite' (modifying state).
    • Sanitization: There is no evidence of sanitization or validation of the instructions returned by the API.
  • [DATA_EXFILTRATION]: The 'agentcash.fetch' tool allows sending data to arbitrary URLs. While intended for payment-protected APIs, it could be leveraged to exfiltrate sensitive information if the agent is manipulated by instructions from external services.
  • [CREDENTIALS_UNSAFE]: The skill manages a local cryptocurrency wallet at '~/.agentcash/wallet.json'. The documentation and tools interact with this sensitive credential store, which presents a risk of exposure if the environment is compromised.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 19, 2026, 11:24 AM