web-research
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'agentcash' package using the command 'npx agentcash@latest install', which involves downloading and executing code from the public npm registry.
- [DATA_EXFILTRATION]: The skill uses the 'agentcash.fetch' tool to send search queries and target URLs to external endpoints at 'stableenrich.dev'. This interaction with a third-party service is necessary for the skill's research functionality.
- [PROMPT_INJECTION]: The skill has a risk of indirect prompt injection due to its core function of retrieving external content. * Ingestion points: Data is fetched from arbitrary websites via Exa and Firecrawl APIs (noted in 'SKILL.md'). * Boundary markers: There are no identified markers or instructions to delimit or ignore instructions within the retrieved web content. * Capability inventory: The 'agentcash' MCP provides tools for network requests ('fetch'), wallet management ('get_wallet_info'), and account setup ('redeem_invite'). * Sanitization: There is no mention of sanitization or filtering applied to the markdown or text extracted from web pages before it is presented to the agent.
Audit Metadata