uniswap-v4-lp
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill requires a private key to execute blockchain transactions. It securely loads this from a local environment file (~/.axiom/wallet.env) rather than hardcoding credentials. It also fetches price data from api.dexscreener.com, which is a standard procedure for DeFi automation and price discovery.
- [INDIRECT_PROMPT_INJECTION]: The skill exposes an indirect injection surface because it reads recipient lists and amounts from local CSV and JSON files (e.g., bankr-top100-wallets.csv). These files are controlled by the user, but an agent that processes untrusted external data into them could be manipulated. The scripts include manual confirmation prompts for sensitive actions like airdrops, which mitigates accidental execution.
- [COMMAND_EXECUTION]: The skill performs complex on-chain operations by encoding Uniswap V4 action codes into bytecode. This is the standard architectural pattern for interacting with the Uniswap V4 Singleton contract and does not involve arbitrary local command execution.
- [EXTERNAL_DOWNLOADS]: The skill uses standard, well-known Node.js dependencies such as viem, dotenv, and @uniswap/v4-sdk. No unverifiable third-party scripts or remote code execution patterns were detected.