delphi
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches blockchain state, market pricing, and historical trade information from official Gensyn API endpoints, the Goldsky subgraph, and Alchemy RPC nodes. These are standard, well-known services required for the skill's primary functionality.
- [COMMAND_EXECUTION]: Provides a suite of TypeScript scripts for executing on-chain transactions (buys, sells, redemptions, liquidations), asset bridging, and balance checks. These scripts are invoked via `npx tsx` and require the user to have previously configured a wallet with signing capabilities.
- [PROMPT_INJECTION]: The skill processes untrusted market metadata, which presents an indirect prompt injection surface.
- Ingestion points: Market metadata (questions, titles, outcome labels) is fetched in `scripts/list-markets.ts`, `scripts/get-market.ts`, and `scripts/list-positions.ts`.
- Boundary markers: Absent; metadata is interpolated directly into the agent's context without explicit delimiters or instructions to ignore embedded commands.
- Capability inventory: The agent can execute transactions that move funds (buys/sells) and modify contract state via the provided scripts.
- Sanitization: No explicit sanitization of fetched string data is observed in the implementation scripts.