ave-trade-proxy-wallet
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts, such as scripts/ave_trade_rest.py, to perform trading operations. These scripts are called with user-specified arguments including wallet IDs and token addresses.
- [EXTERNAL_DOWNLOADS]: The skill requires installing external Python dependencies using 'pip install -r scripts/requirements.txt' to fetch packages from the Python Package Index.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its handling of untrusted data.
- Ingestion points: User-provided token addresses, asset IDs, and JSON-formatted trade rules processed via command-line arguments in SKILL.md.
- Boundary markers: No explicit delimiters or boundary markers are defined in the skill instructions to separate user inputs from script command structures.
- Capability inventory: The skill possesses network access for DEX trading and order monitoring via the referenced Python scripts.
- Sanitization: Documentation for input sanitization or validation of user-provided strings is not explicitly detailed in the provided files.
Audit Metadata