swap-execute
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides installation instructions for the Foundry toolkit via a remote script from its official domain (`foundry.paradigm.xyz`). This is a standard and trusted source for this software.
- [COMMAND_EXECUTION]: The skill uses shell commands via the `cast` tool to interact with Ethereum-compatible blockchains. This core functionality is protected by a mandatory confirmation workflow that requires the user to review transaction details before they are sent.
- [PROMPT_INJECTION]: There is an indirect prompt injection surface as the skill processes JSON data from a preceding tool to build shell commands. This is addressed as follows:
  - Ingestion points: Untrusted data enters the context via the output of the `swap-build` skill.
  - Boundary markers: No specific delimiters are used for the interpolated data fields.
  - Capability inventory: The skill utilizes `cast send`, `cast call`, and `cast balance` subprocesses.
  - Sanitization: While programmatic sanitization is not specified, the skill implements a mandatory human-in-the-loop confirmation step, displaying the router address, value, and gas limit to the user for verification before any transaction occurs.
Audit Metadata