blofin-portfolio-analyst
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill requires sensitive credentials (BLOFIN_API_KEY, BLOFIN_API_SECRET, BLOFIN_PASSPHRASE) to function. These are correctly handled as environment variables rather than being hardcoded, which is standard practice for authenticated financial tools.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from external API responses (BloFin trade history and balances). While this represents a theoretical ingestion surface for untrusted content, the risk is negligible given the structured nature of financial data and the lack of sensitive command execution capabilities.
- [COMMAND_EXECUTION]: No evidence of shell command execution or subprocess spawning was found in the provided instructions.
Audit Metadata