meme-rush
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with official Binance domains (
web3.binance.com) to fetch market data and token lists. These are legitimate endpoints for the stated purpose of the skill. - [DATA_EXFILTRATION]: No sensitive local data is accessed or transmitted. The outgoing requests only contain public parameters such as chain IDs, pagination settings, and market filters.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external data including token names, symbols, and AI-generated narratives from the API. While this presents a theoretical surface for indirect injection if an attacker-controlled token name contains malicious instructions, the skill does not have executable capabilities (like shell access or file writing) that would make such an injection high-risk.
- [SAFE]: All functionality aligns with the described purpose of a trading assistant, and all external resources belong to the verified vendor (Binance).
Audit Metadata