defi-data-fetcher

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized behavior were detected in the skill instructions or scripts.
  • [COMMAND_EXECUTION]: The skill uses a local Python script scripts/normalize_metrics.py to aggregate and reconcile metric data. Technical analysis of the script confirms it is restricted to data transformation tasks using standard libraries (argparse, json, re, statistics). It contains no functions for system command execution, unauthorized file system access, or network communication.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to fetch data from well-known services including DeFiLlama, CoinGecko, CoinMarketCap, and various official protocol subgraphs. These are recognized as trusted/well-known technology services for financial data aggregation.
  • [PROMPT_INJECTION]: While the skill ingests untrusted data from external APIs and user-provided snapshots (Category 8 surface), the risk is mitigated by a robust evidence chain: (1) Ingestion points: Defined in SKILL.md and references/offline-fallback.md; (2) Boundary markers: The skill enforces a strict JSON output schema; (3) Capability inventory: Processed data is only used for numerical reconciliation in scripts/normalize_metrics.py; (4) Sanitization: The Python script performs strict type conversion and regex-based cleaning on input values before processing, preventing the injection of executable instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 05:45 PM