solana
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches blockchain data from the official Solana mainnet RPC (api.mainnet-beta.solana.com) and token pricing from the CoinGecko API (api.coingecko.com). Both are well-known services appropriate for the skill's purpose and are accessed securely via standard HTTPS requests.
- [COMMAND_EXECUTION]: The skill relies on a bundled Python script (solana_client.py) to perform queries. This script uses only standard library modules (urllib, json, argparse) and does not execute arbitrary shell commands or expose the system to command injection.
- [DATA_EXFILTRATION]: Analysis of the source code confirms that network traffic is strictly limited to the specified blockchain and pricing APIs. No access to sensitive local files, environment variables, or credentials was detected.
- [PROMPT_INJECTION]: The skill documentation and helper script do not contain any instructions or patterns designed to override agent behavior, bypass safety filters, or extract system prompts.
Audit Metadata