1inch-mcp-server

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
NO_CODE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [NO_CODE]: The skill consists strictly of Markdown documentation and configuration guidelines, with no executable scripts or binaries included in the package.
  • [EXTERNAL_DOWNLOADS]: Provides instructions to download the supergateway utility from the NPM registry using npx to bridge the 1inch HTTP server for clients that only support stdio transport.
  • [COMMAND_EXECUTION]: Contains shell command examples for client setup and authentication header configuration intended for user execution.
  • [PROMPT_INJECTION]: The search tool processes documentation from external sources, which is a surface for indirect prompt injection.
    • Ingestion points: Documentation and API reference data fetched from api.1inch.com.
    • Boundary markers: None explicitly defined in the tool specifications.
    • Capability inventory: Includes tools for token swaps (swap), limit orders (orderbook), and general product API calls (product_api).
    • Sanitization: No specific sanitization logic is provided in the documentation.
  • [SAFE]: All documented endpoints and tools target official 1inch infrastructure (api.1inch.com), and the skill provides clear warnings against hardcoding sensitive credentials.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 27, 2026, 03:53 PM