euler-data
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
- External Downloads (MEDIUM): The skill requires the installation of the
@eulerxyz/euler-interfacespackage from npm. As@eulerxyz(Euler Labs) is not on the specific Trusted Organizations list, this dependency is classified as unverifiable. - Dynamic Execution (MEDIUM): In
rules/tools-interfaces.md, the skill demonstrates dynamic module loading usingawait import()with a template string:@eulerxyz/euler-interfaces/addresses/${chainId}/CoreAddresses.json. Loading modules from computed paths can lead to Local File Inclusion (LFI) or execution of unexpected code if thechainIdvariable is sourced from untrusted input without strict validation. - Indirect Prompt Injection (LOW): Found in
rules/tools-subgraphs.md. - Ingestion points: Data is fetched from an external subgraph URL via the
request()function. - Boundary markers: None present; data is directly interpolated into the application logic.
- Capability inventory: The ingested data is used for display purposes (logging balances and health factors) in the provided examples, limiting the immediate risk to information display.
- Sanitization: Minimal sanitization (e.g.,
toLowerCase()) is applied to address inputs, but no filtering of the actual subgraph response is present. - Data Exposure & Exfiltration (LOW): The skill performs network requests to
api.goldsky.comfor subgraph queries. This domain is not on the whitelisted domains list, though the activity is consistent with the skill's stated purpose of fetching blockchain data.
Audit Metadata