subsquid
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill describes an architecture for indexing untrusted blockchain data (logs, transactions), creating a potential attack surface for indirect prompt injection via processed content. This is inherent to the functionality of an indexer.\n
- Ingestion points:
references/core-evm-processor.md(ingestsctx.blockscontaining chain data).\n - Boundary markers: No specific instructions for the agent to use delimiters or ignore embedded data in processed blocks are specified in the documentation.\n
- Capability inventory:
references/core-schema-typeorm.md(database interaction viactx.storefor insertion and updates).\n - Sanitization: No explicit sanitization requirements for processed data are provided to the agent.\n- [EXTERNAL_DOWNLOADS]: The skill documents features that fetch data from external sources, such as GitHub and Etherscan, for project initialization and ABI processing. These are standard operations for the Subsquid SDK targeting well-known services.\n
- Evidence: Project initialization via
sqd init -tand ABI retrieval viasquid-evm-typegenas documented inreferences/features-cli.mdandreferences/features-evm-typegen.md.\n- [COMMAND_EXECUTION]: Documentation includes instructions for running SDK-specific CLI tools for code generation and server management.\n - Evidence:
references/core-schema-typeorm.md(npx squid-typeorm-codegen),references/features-cli.md(sqd init,sqd run), andreferences/features-graphql.md(npx squid-graphql-server).
Audit Metadata