openmm-cardano-dex
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @3rd-eye-labs/openmm package from the NPM registry to provide the openmm CLI functionality.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool, restricted to the openmm binary, for network interaction and data retrieval.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) via external data from the Iris Protocol. Ingestion points: Pool data from Iris Protocol (SKILL.md). Boundary markers: Absent. Capability inventory: Bash(openmm:*) in SKILL.md. Sanitization: Absent.
Audit Metadata