pubfi-wallet-portfolio-analysis
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill correctly uses environment variables for sensitive credentials (ZERION_API_KEY) and limits network activity to established DeFi data providers.
- [Indirect Prompt Injection] (SAFE): The skill ingests external data from the Zerion API to guide further research. While this presents an ingestion surface, the risk is mitigated by the use of trusted data sources and the specific analytical scope of the skill.
  - Ingestion points: Asset and protocol data from the Zerion API parsed by zerion-portfolio.py.
  - Boundary markers: Input validation for the wallet address (0x format) is implemented to ensure data integrity.
  - Capability inventory: Local Python execution for data aggregation and network requests via the requests library and curl for protocol metadata.
  - Sanitization: Data from the Zerion API is processed as structured input for reporting and subsequent lookups without direct execution of untrusted code.
Audit Metadata