Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
agentcashpackage from the npm registry to interact with the service.\n- [COMMAND_EXECUTION]: The skill performs its tasks by executing shell commands using thenpx agentcashutility.\n- [REMOTE_CODE_EXECUTION]: The instruction to usenpx agentcash@latestcauses the agent to fetch and execute the most recent version of the package from the npm registry at runtime.\n- [PROMPT_INJECTION]: Reading incoming email messages from thestableemail.devAPI presents a surface for indirect prompt injection.\n - Ingestion points: Email reading and listing endpoints described in
SKILL.md.\n - Boundary markers: Absent; there are no specific instructions to the agent to disregard commands embedded within the fetched email text.\n
- Capability inventory: The skill can send emails, purchase subdomains, and manage account settings via the
agentcashCLI as documented inSKILL.md.\n - Sanitization: Absent; no sanitization or escaping of the email content is specified before it is processed by the agent.
Audit Metadata