near-intents
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions found that attempt to override system behavior or bypass safety guidelines. Instructions are focused on API integration.
- Data Exposure & Exfiltration (SAFE): Communication is limited to the documented service provider (1click.chaindefuser.com) and standard blockchain RPCs. Credentials such as private keys and API keys are handled via environment variables or wallet adapters rather than being hardcoded.
- Obfuscation (SAFE): The content consists of clear markdown documentation and readable code snippets without encoded or hidden logic.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references reputable and standard packages (e.g., viem, @tanstack/react-query, @solana/web3.js) for its implementation examples.
- Indirect Prompt Injection (LOW):
- Ingestion points: The skill ingests data from external API responses (v0/tokens, v0/quote, v0/status) which populate transaction parameters.
- Boundary markers: Code examples use structured data patterns but do not explicitly define boundary markers for untrusted API strings.
- Capability inventory: The skill is designed to perform blockchain transactions and network requests based on API output.
- Sanitization: Uses standard SDKs (e.g., viem, Solana SDK) that provide built-in validation for address formats and amounts.
- Privilege Escalation (SAFE): No unauthorized permission requests or attempts to acquire administrative rights were found.
Audit Metadata