trade
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- External Downloads (HIGH): The skill uses 'npx awal@latest' which downloads and executes a package from the public npm registry. The package 'awal' and its owner '0xrag' are not recognized as trusted sources according to the established safety rules.
- Remote Code Execution (HIGH): By running 'npx awal@latest', the skill allows for arbitrary code execution from a remote source. The use of the '@latest' tag is particularly dangerous as it ensures the most recent (and potentially malicious) version of the package is executed.
- Command Execution (HIGH): The 'SKILL.md' file instructs the agent to interpolate user-provided values like '', '', and '' directly into bash commands. This lacks sanitization, enabling potential shell command injection if an attacker provides a crafted token address or option.
- Indirect Prompt Injection (HIGH): The skill provides a significant attack surface for indirect injection.
  * Ingestion points: The skill accepts arguments for amount and token addresses ('from', 'to') which are typically sourced from untrusted external data like user messages.
  * Boundary markers: None are defined in the command construction.
  * Capability inventory: The skill has the capability to execute bash commands via 'npx'.
  * Sanitization: There is no evidence of input validation or sanitization before the parameters are passed to the shell.
Recommendations
- AI detected serious security threats