jupiter-lend
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill references official Jupiter Lend domains (jup.ag, dev.jup.ag) and GitHub repositories (github.com/jup-ag, github.com/Instadapp) for documentation and smart contract source code.- [COMMAND_EXECUTION]: The documentation provides standard installation commands for the official protocol SDKs (@jup-ag/lend-read and @jup-ag/lend) and necessary dependencies (@solana/web3.js, bn.js).- [DATA_EXFILTRATION]: Example scripts include logic for reading a private key from the filesystem via fs.readFileSync. This logic uses a placeholder path (/path/to/your/keypair.json) and represents a standard development pattern for loading a Solana Keypair for transaction signing.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes external data from the Solana blockchain (e.g., vault positions, market data). No specific malicious payloads were detected in the static content, and the capability is inherent to the DeFi integration use case.
Audit Metadata