Skills
skills/thinkfleetai/thinkfleet-engine/qrcoin/Gen Agent Trust Hub

qrcoin

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses curl, jq, printf, and awk to execute read-only queries against blockchain RPC endpoints and format the resulting data.
  • [EXTERNAL_DOWNLOADS]: Fetches auction state and metadata from mainnet.base.org, which is the official and well-known public RPC provider for the Base network.
  • [DATA_EXPOSURE]: The skill documents the use of standard smart contract addresses for the QR Auction and USDC on the Base mainnet, which are public and verifiable resources.
  • [INDIRECT_PROMPT_INJECTION]: As the skill processes data from a public blockchain (auction URLs and names), it possesses a standard indirect prompt injection surface. However, the risk is minimal as the data is used for informational display or as transaction parameters rather than direct control instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 1, 2026, 05:15 AM