query-token-info
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration points to network endpoints at
web3.binance.comanddquery.sintral.io. These are used to retrieve token metadata, real-time market metrics, and candlestick chart data. These resources are provided by the author to support the skill's primary function. - [PROMPT_INJECTION]: The skill ingests external data from API responses, such as token descriptions and names, which constitutes a potential surface for indirect prompt injection. However, this is a common characteristic of data-retrieval skills and no malicious behavior was identified.
- Ingestion points: Token descriptive fields returned by the Binance and Sintral APIs defined in
SKILL.md. - Boundary markers: None explicitly defined in the API response handling instructions.
- Capability inventory: The skill is limited to data retrieval and does not have file-write or code-execution capabilities.
- Sanitization: No specific sanitization or filtering is prescribed for the retrieved strings within the skill documentation.
- [NO_CODE]: The skill consists exclusively of API documentation and configuration metadata, with no associated scripts or binary files.
Audit Metadata