agentcash
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on shell commands via
npx agentcash@latestto manage wallet balances, discover API endpoints, and perform authenticated fetch requests. - [EXTERNAL_DOWNLOADS]: The skill communicates with multiple external origins for its primary functionality, including
agentcash.dev,stableenrich.dev,stablesocial.dev,stablestudio.dev,stableupload.dev,stableemail.dev,stablephone.dev,stablejobs.dev, andstabletravel.dev. - [REMOTE_CODE_EXECUTION]: The skill uses
npxto download and execute the latest version of theagentcashpackage from the npm registry at runtime. - [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it instructs the agent to read and follow an
instructionsfield returned by thediscovercommand from external, potentially untrusted service origins. - Ingestion points: The agent ingests data from external origins via the
npx agentcash@latest discover <origin>command as described inSKILL.md. - Boundary markers: There are no boundary markers or instructions to ignore embedded commands within the ingested data.
- Capability inventory: The skill has the capability to execute shell commands (
npx), perform network operations (fetch), upload files (stableupload.dev), send emails (stableemail.dev), and initiate phone calls (stablephone.dev). - Sanitization: There is no evidence of sanitization or validation of the content received from the
instructionsfield before the agent processes it.
Audit Metadata