zap-fast
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the cast utility (Foundry toolkit) to perform blockchain operations like balance checks and transaction broadcasting.
- The script execute-zap.sh performs rigorous validation on all user-supplied inputs using regular expressions (e.g., amount format, hex address patterns, tick ranges) before they are used in shell commands, effectively preventing command injection.
- A mandatory safety gate requires the agent to obtain a manual "yes" from the user before executing the transaction.
- A built-in safety threshold blocks transactions exceeding $1,000 USD equivalent unless overridden by the operator.
- [EXTERNAL_DOWNLOADS]: The skill fetches token information, pricing, and transaction routes from official KyberSwap API endpoints (zap-api.kyberswap.com, token-api.kyberswap.com, aggregator-api.kyberswap.com).
- These are trusted vendor resources belonging to the skill author (KyberNetwork).
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes external token symbols and pool metadata.
- Ingestion points: User-provided token symbols, pool addresses, and tick ranges; pool details from earn-service.kyberswap.com.
- Boundary markers: The agent is explicitly instructed to require a verbal confirmation step and to only use this skill when immediate execution is unambiguously requested.
- Capability inventory: Transaction broadcasting, file system access (for keystores), and network operations.
- Sanitization: All external data and user inputs are passed through strict regex validation filters in the underlying bash scripts before processing.