data-streaming
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation includes examples of connecting to Helius gRPC and RPC services (laserstream-mainnet-ewr.helius-rpc.com, photon.helius.com). These are well-known technology services for Solana and Light Protocol, used here for legitimate state streaming purposes.
- [COMMAND_EXECUTION]: The workflow instructions for the agent utilize internal research tools like Read, Glob, Grep, and DeepWiki to facilitate understanding of the domain references. These are standard operations for agentic task planning.
- [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by ingesting real-time blockchain account data (e.g., token names, symbols, and metadata) which an agent might later read or summarize.
- Ingestion points: Real-time account and transaction updates via helius-laserstream gRPC filters in references/shared.md and references/pdas.md.
- Boundary markers: Not implemented; data is handled as structured binary records.
- Capability inventory: Research via file tools (Grep, Glob), state caching in memory, and asynchronous RPC queries via light-client.
- Sanitization: Implementation code uses strict binary deserialization (Borsh and PodAccount layouts) to validate data integrity before it is used by the application logic.
Audit Metadata