hydrex
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by ingesting data from external APIs to guide agent actions such as voting optimization and reward claiming.
  - Ingestion points: Logic in references/rewards.md, references/voting.md, and references/single-sided-liquidity.md fetches data from https://api.hydrex.fi/strategies and https://incentives-api.hydrex.fi/campaigns/proofs/.
  - Boundary markers: Absent; there are no explicit delimiters or instructions for the agent to ignore potentially malicious instructions embedded in the API responses.
  - Capability inventory: The skill can execute various on-chain transactions using the bankr tool, including vote, createLock, forwardDepositToICHIVault, and claimMultiple.
  - Sanitization: Absent; the logic assumes the API data is trustworthy and does not perform validation before interpolation into command strings.
- [EXTERNAL_DOWNLOADS]: Fetches liquidity strategy information and rewards Merkle proofs from Hydrex's official API subdomains. These interactions are required for the skill's primary functions and are directed at the protocol's own infrastructure.
- [COMMAND_EXECUTION]: Utilizes the bankr command-line utility for querying blockchain data and executing transactions. This is a core dependency provided by the skill author for interacting with the Base network.
Audit Metadata