skills/jeremylongshore/claude-code-plugins-plus-skills/analyzing-liquidity-pools/Gen Agent Trust Hub
analyzing-liquidity-pools
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches liquidity pool metrics and token prices from established DeFi data providers including The Graph, DeFiLlama, and CoinGecko. These are well-known services used for public blockchain analytics.
- [PROMPT_INJECTION]: The skill processes external data, creating a surface for indirect prompt injection.
- Ingestion points: External API responses from The Graph and DeFiLlama are fetched in scripts/pool_fetcher.py.
- Boundary markers: Data is not explicitly wrapped in delimiters or safety warnings before being returned to the agent.
- Capability inventory: Subprocess calls, exec, and eval are absent across all scripts. File-write operations are limited to a local cache file (~/.lp_analyzer_cache.json) and user-defined output. Network operations are restricted to data fetching from industry-standard APIs.
- Sanitization: External data is parsed as structured JSON and formatted into tables, JSON, or CSV before presentation.
- [DATA_EXFILTRATION]: Utilizes a local cache file (~/.lp_analyzer_cache.json) to store public pool data. This is standard implementation for reducing API latency and does not involve accessing or transmitting sensitive user credentials or configuration files.
Audit Metadata