yellow-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill recommends installing the @erc7824/nitrolite package. This dependency originates from a source not listed in the predefined trusted organizations, making it unverifiable through static analysis.
- [DATA_EXFILTRATION] (LOW): The documentation references an external WebSocket domain (wss://clearnet.yellow.com/ws) which is not on the approved whitelist. While standard for the protocol, it represents an external network vector.
- [PROMPT_INJECTION] (SAFE): The content is strictly technical and instructional. No patterns for system prompt extraction, safety bypass, or behavioral overrides were detected.
- [CREDENTIALS_UNSAFE] (SAFE): The skill explicitly warns against exposing private keys and uses standard placeholders for variables, avoiding hardcoded secrets.
Audit Metadata