Skills
skills/conflux-fans/conflux-skills/conflux-scan-rpc/Gen Agent Trust Hub

conflux-scan-rpc

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the cast CLI and curl to execute blockchain queries and network requests.
  • [EXTERNAL_DOWNLOADS]: The skill fetches blockchain data and metadata from Conflux RPC nodes (evm.confluxrpc.com) and the ConfluxScan API (evmapi.confluxscan.org).
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing data from external sources.
  • Ingestion points: Fetches contract ABIs, source code, and transaction logs from the ConfluxScan API and RPC nodes via curl and cast commands.
  • Boundary markers: The skill does not implement specific delimiters or safety instructions to prevent the agent from following directions potentially embedded in retrieved blockchain data.
  • Capability inventory: The skill executes shell commands (cast, curl) to retrieve data but does not perform file system writes or maintain persistent access.
  • Sanitization: There is no evidence of validation or sanitization for the content returned from blockchain explorers or RPC endpoints.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 5, 2026, 07:47 AM