token-security
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious behavior or security vulnerabilities detected. The skill performs read-only operations and formats the results for the user.
- Indirect Prompt Injection (LOW): The skill processes external data (token metadata from an API) and user-supplied addresses. While this constitutes an attack surface where an attacker could name a token with malicious instructions, the skill lacks the capabilities (such as shell access, file writing, or network exfiltration) required to exploit such an injection.
- Unverifiable Dependencies (SAFE): The skill attempts to import a local service module (
../../../token-security/index.js). While this file is not provided in the skill package, it is a local reference likely provided by the host environment and does not involve downloading untrusted remote code.
Audit Metadata