evm-chains
Fail
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: The skill acts as a static lookup table for EVM chain metadata (Name, ID, RPC, Currency). It does not contain executable code or scripts.
- [CREDENTIALS_UNSAFE]: The skill correctly instructs the agent to use an environment variable (
ROUTEMESH_API_KEY) for authentication rather than providing hardcoded secrets. - [EXTERNAL_DOWNLOADS]: The skill lists several public RPC endpoints for blockchain networks. One endpoint (
https://rpc.form.network/http) was flagged by an automated scanner; however, this is the official public RPC for the Form Network (an Ethereum Layer 2) and its inclusion is consistent with the skill's primary purpose. - [INDIRECT_PROMPT_INJECTION]: The skill accepts user-supplied chain names or IDs to perform lookups. While it lacks explicit boundary markers for this input, the risk is negligible as it merely maps the input to a static internal table or suggests a web search for authoritative data.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata