send-token
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches and executes the `@openant-ai/cli` package from the npm registry using `npx`. This is a vendor-owned resource used for its intended purpose of managing wallet operations.
- [COMMAND_EXECUTION]: Uses the `Bash` tool to execute shell commands for querying wallet balances and sending tokens on-chain.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where user-provided inputs such as recipient addresses, amounts, and RPC URLs are interpolated into command-line arguments.
  - Ingestion points: Parameters for the `wallet send` command (chain, token, amount, to, and --rpc) provided by users.
  - Boundary markers: None are specified in the shell command templates.
  - Capability inventory: `Bash` tool execution for executing financial transactions and querying network status.
  - Sanitization: No programmatic sanitization is described, but the skill mandates that the agent must explicitly confirm all transaction details with the user and validate address compatibility before execution, which serves as a procedural safeguard.
Audit Metadata