social-intelligence
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the 'agentcash' package globally via 'npm install -g agentcash' and uses 'npx agentcash@latest' to pull the most recent version of the tool from the public NPM registry.
- [REMOTE_CODE_EXECUTION]: The use of 'npx agentcash@latest' executes remote code from a third-party repository (NPM) at runtime without version pinning or integrity checks, making the environment susceptible to supply chain attacks.
- [COMMAND_EXECUTION]: All primary functions of the skill are carried out through shell commands ('npx agentcash fetch', 'npx agentcash balance', etc.), which allows the skill to execute arbitrary code and interact with the host system.
- [DATA_EXFILTRATION]: User queries and context are transmitted to the external domain 'https://stableenrich.dev'. While this is the intended functionality of the skill, it involves sending potentially sensitive data to a third-party service.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by ingesting and processing untrusted data from Reddit posts and comments.
  - Ingestion points: Data from 'https://stableenrich.dev/api/reddit/search' and 'https://stableenrich.dev/api/reddit/post-comments' is loaded into the agent's context (SKILL.md).
  - Boundary markers: None present to distinguish between instructions and ingested Reddit content.
  - Capability inventory: Subprocess execution via 'npx agentcash' is available across all workflows.
  - Sanitization: No evidence of sanitization or escaping of the ingested Reddit data before it is presented to the model.
Audit Metadata