pnp-markets-solana
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
Flags: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill requires a Solana private key (PRIVATE_KEY) to sign transactions. It correctly instructs users to provide this via environment variables rather than hardcoding it, which is the standard security practice for blockchain-integrated tools.
- [EXTERNAL_DOWNLOADS]: The skill depends on the pnp-sdk NPM package. This is a vendor-provided resource from 'pnp-protocol', the author of the skill, and is necessary for interacting with their on-chain program.
- [COMMAND_EXECUTION]: The skill includes several utility scripts (e.g., create-market.ts, trade.ts, settle.ts) that the agent can execute to perform operations on the Solana network. These scripts are standard TypeScript implementations using the Solana web3.js library.
- [PROMPT_INJECTION]: There is a potential surface for indirect prompt injection, as the agent handles prediction market 'questions' and receives settlement data from an external proxy service.
  - Ingestion points: The question field in market creation methods (found in SKILL.md) and the resolution reasoning returned by fetchSettlementData (found in scripts/market-data.ts).
  - Boundary markers: None explicitly defined for the market question text.
  - Capability inventory: The agent has the capability to sign transactions that spend collateral (USDC) and interact with smart contracts on Solana.
  - Sanitization: The provided code snippets do not show explicit sanitization of the market question string before it is sent to the blockchain, though the underlying SDK and blockchain protocol enforce their own data constraints.
Audit Metadata