defillama-openapi-skill
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads an OpenAPI configuration file from the author's official GitHub repository (holon-run/uxc). This is a standard configuration fetch from a known vendor source.
- [COMMAND_EXECUTION]: The skill instructs the agent to use the
uxcCLI tool to interact with the DefiLlama API. All commands are limited to public, read-only GET operations on theapi.llama.fidomain. - [DATA_EXFILTRATION]: There is no evidence of sensitive data access. The skill explicitly states it is for public analytics and does not require or handle authentication keys.
- [REMOTE_CODE_EXECUTION]: The skill does not perform any remote code execution. The
uxc linkcommand is used to create a local alias for a specific API endpoint and schema, which is standard behavior for the underlying tool. - [PROMPT_INJECTION]: No malicious instructions or bypass attempts were detected in the prompt metadata or instruction files. The instructions focus on operational guardrails and schema-first execution.
Audit Metadata