Skills
skills/revolut-engineering/revolut-agent-skills/revolut-x-configuration/Gen Agent Trust Hub

revolut-x-configuration

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing a local Python script (scripts/revx_sign.py) to handle API interactions and signature generation.
  • [EXTERNAL_DOWNLOADS]: The included signing script requires the installation of well-known Python libraries for its functionality, specifically httpx, cryptography, and pynacl.
  • [DATA_EXFILTRATION]: The skill makes network connections to the official Revolut X API endpoint (revx.revolut.com) to retrieve configuration data. These requests include the user's API key and a cryptographic signature for authentication.
  • [CREDENTIALS_UNSAFE]: The signing script reads an Ed25519 private key from the filesystem. The location of this sensitive file is determined by the REVX_PRIVATE_KEY environment variable, which is a standard practice for secure local credential management.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 9, 2026, 09:10 PM