haedal-vehaedal

Pass

Audited by Gen Agent Trust Hub on Mar 19, 2026

Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill interacts exclusively with the official Haedal Protocol domain (haedal.xyz) to perform DeFi actions like staking and claiming rewards. This aligns with the vendor resource patterns for the protocol.
  • [COMMAND_EXECUTION]: The skill uses curl and jq to communicate with the Haedal Skills API. These tools are used appropriately to fetch transaction data and parse JSON responses.
  • [DATA_EXFILTRATION]: The skill sends only necessary blockchain-related identifiers (signer address and object IDs) to the official protocol endpoint. No sensitive system files, environment variables, or user credentials are accessed or transmitted.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from an external API (haedal.xyz), which is an inherent vulnerability surface.
      1. Ingestion points: API responses processed in SKILL.md.
      2. Boundary markers: Absent.
      3. Capability inventory: curl and jq (Bash).
      4. Sanitization: None specified.
    However, since the source is the official vendor API, the risk is negligible.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 19, 2026, 11:42 AM