optimizing-gas-fees
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructions in `implementation.md` direct the agent to load API credentials from a sensitive file path: `{baseDir}/config/crypto-apis.env`. This file is used to store authentication tokens for blockchain explorers and RPC services.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill performs network operations to external services to retrieve gas and price data.
  - Network operations: Fetches data from `api.coingecko.com`, `eth.llamarpc.com`, `api.etherscan.io`, and other chain-specific RPC/explorer endpoints. These are well-known services used for their intended purpose in this skill.
  - File access: The scripts `gas_fetcher.py` and `pattern_analyzer.py` write data to the user's home directory (e.g., `~/.gas_cache_{chain}.json` and `~/.gas_history.json`) to maintain performance and historical context.
- [INDIRECT_PROMPT_INJECTION]: The skill processes data from external, untrusted sources, which creates a potential surface for indirect prompt injection.
  - Ingestion points: API responses from Etherscan, CoinGecko, and various RPC providers are processed in `gas_fetcher.py` and `cost_estimator.py`.
  - Boundary markers: The prompt instructions in `SKILL.md` lack explicit boundary markers or warnings to ignore instructions that might be embedded in the retrieved blockchain or price data.
  - Capability inventory: The skill utilizes the Bash tool to execute Python scripts that process this data. However, it does not currently use the data to construct shell commands or execute dynamic code.
  - Sanitization: The data is parsed using standard JSON libraries (`requests.json()` and `json.load()`), which provides basic structure validation.
Audit Metadata