news-shopping
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external NPM package `agentcash` and uses `npx` to execute the latest version from the registry at runtime.
- [REMOTE_CODE_EXECUTION]: The use of `npx agentcash@latest` allows for the dynamic download and execution of code from an unverified source on the NPM registry, which can lead to remote code execution if the package is compromised.
- [COMMAND_EXECUTION]: The skill provides numerous shell commands for the agent to execute, including global package installation and running a CLI tool to proxy network requests.
- [DATA_EXFILTRATION]: Search queries and potential wallet metadata are sent to the external domain `stableenrich.dev`. While the primary purpose is legitimate search, this domain is unverified and represents a risk for data exposure.
- [PROMPT_INJECTION]: The skill ingests untrusted data from external news and shopping sources. This constitutes an indirect prompt injection surface where malicious instructions could be hidden in processed search results to manipulate agent behavior. No boundary markers or sanitization steps are defined for this data ingestion.
Audit Metadata