phone-calls

Warn

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the agentcash package from the NPM registry and explicitly directs the use of npx agentcash@latest, which fetches the most recent code version from a remote source at runtime.
  • [REMOTE_CODE_EXECUTION]: By utilizing npx agentcash@latest, the skill executes external code on the local system. This creates a dependency on a third-party package registry and allows for the potential execution of untrusted code if the package is updated or compromised.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution (npm, npx) to perform operations such as wallet management and API interactions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes call transcripts and summaries from external third-party recipients.
      • Ingestion points: The transcript and summary fields returned by the stablephone.dev API endpoints.
      • Boundary markers: There are no delimiters or instructions provided to isolate the transcript content from agent instructions or to warn the agent to disregard embedded commands.
      • Capability inventory: The skill uses the agentcash CLI for network communication and payment processing, which could be exploited if the agent is manipulated by a malicious transcript.
      • Sanitization: No sanitization or validation of the transcript data is performed before it is presented to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 11, 2026, 08:39 PM