t2000-repay
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation and initialization of a CLI tool via 'npx @t2000/cli init'. This downloads and executes code from the NPM registry. The @t2000 organization is not part of the trusted vendors list and does not match the known naming patterns for the skill author 'mission69b'.
- [COMMAND_EXECUTION]: The skill functions by executing shell commands ('t2000 repay') on the host system.
- [COMMAND_EXECUTION]: The skill is vulnerable to command injection because user-provided inputs for the <amount> and [asset] parameters are directly interpolated into the shell command 't2000 repay <amount> [asset]'. An attacker could provide input containing shell metacharacters (e.g., ';', '&&', or '|') to execute arbitrary code.
- Ingestion points: The <amount> and [asset] variables in SKILL.md are used as CLI arguments.
- Boundary markers: No delimiters or safety warnings are used to isolate user input from the command string.
- Capability inventory: The skill possesses the capability to execute the t2000 binary with arbitrary arguments via a shell subprocess.
- Sanitization: There is no evidence of input validation, sanitization, or escaping of the user-provided data before it is passed to the shell.
Audit Metadata