sushiswap-api
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill possesses a high-risk capability to generate executable transaction data based on external API content.
  * Ingestion points: API responses from https://api.sushi.com and the local references/openapi.yaml file.
  * Boundary markers: Absent. There are no delimiters or specific instructions for the agent to treat API responses as untrusted data.
  * Capability inventory: Generates transaction components (tx.to, tx.data, tx.value, tx.gas) that can lead to irreversible financial actions if executed by the agent or a downstream tool.
  * Sanitization: Limited. The skill instructs the agent not to 'fabricate' calldata but lacks mechanisms to verify the integrity of the data returned by the API or the schema.
- [External Network Access] (LOW): The skill performs network requests to a non-whitelisted domain (https://api.sushi.com).
  * Evidence: Base URL defined in SKILL.md.
  * Trust Status: The domain is not on the trusted list, meaning the data ingestion path is considered untrusted.
Recommendations
- AI detected serious security threats
Audit Metadata