pumpfun
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [CREDENTIALS_UNSAFE] (LOW): The skill documentation guides users to store a SOLANA_PRIVATE_KEY in environment variables. While it uses placeholders, the design depends on the agent managing high-value blockchain credentials.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it fetches untrusted token metadata from the Pump.fun API.
  * Ingestion points: /pump search, /pump trending, and /pump token fetch external token names and descriptions.
  * Boundary markers: No delimiters or instructions to ignore embedded content are present in the command definitions.
  * Capability inventory: The skill has the capability to perform financial transactions (/pump buy, /pump sell) using sensitive credentials.
  * Sanitization: No sanitization or validation of external token metadata is mentioned.
- [NO_CODE] (SAFE): The provided file contains documentation and command specifications only; no executable scripts or code files were found.
Audit Metadata