shadow-number
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires a sensitive environment variable
SHADOW_WALLET_KEY, which is used as a private key for a crypto wallet to handle payments. - Evidence: The YAML frontmatter in
SKILL.mdidentifiesSHADOW_WALLET_KEYas a required environment variable. - [EXTERNAL_DOWNLOADS]: The skill relies on an external API hosted on an unverified third-party domain, which is not recognized as a trusted organization or well-known service.
- Evidence:
SKILL.mddirects all network requests tohttps://extraordinary-charisma-production.up.railway.appfor purchasing numbers and polling for OTP codes. - [DATA_EXFILTRATION]: Sensitive wallet credentials are used to interact with a remote, untrusted server for the purpose of executing automated financial transactions.
- Evidence:
SKILL.mddocumentation states the skill automatically handles USDC payments on the Base network using the provided key when the API returns an HTTP 402 status code. - [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes and acts upon data received from an external, untrusted source.
- Ingestion points: Data is retrieved from the
/api/smspva/otp/{orderId}endpoint. - Boundary markers: None are present to distinguish between data and potential instructions.
- Capability inventory: The agent uses the data to navigate browser windows and submit web forms.
- Sanitization: No sanitization or validation of the received code is mentioned in the skill instructions.
Recommendations
- AI detected serious security threats
Audit Metadata