hydrex
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches dynamic strategy data and Merkle proofs from official subdomains including api.hydrex.fi and incentives-api.hydrex.fi. These downloads are essential for providing up-to-date protocol information and enabling users to claim rewards.
- [PROMPT_INJECTION]: The skill processes data from external protocol APIs, which constitutes a vulnerability surface for indirect prompt injection.
  1. Ingestion points: The skill retrieves pool metadata and reward proofs from hydrex.fi API endpoints.
  2. Boundary markers: The prompt templates lack explicit delimiters or instructions to ignore potential commands embedded in the fetched data.
  3. Capability inventory: The agent has access to the bankr tool, which can execute financial transactions on the Base network.
  4. Sanitization: No explicit logic is provided to validate or sanitize the API responses before they are used to influence agent decisions.
Audit Metadata