coingecko-api
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No security issues or malicious patterns were detected in the skill's instructions or configuration.
- [COMMAND_EXECUTION]: The skill utilizes
curlfor interacting with the CoinGecko API. These commands are used for their intended purpose of fetching financial data and use shell-safe environment variables for authentication headers. - [EXTERNAL_DOWNLOADS]: The skill connects to
api.coingecko.comandpro-api.coingecko.com, which are well-known technology services. It also references official documentation atdocs.coingecko.com. These external references are legitimate and do not involve untrusted remote code execution. - [CREDENTIALS_UNSAFE]: The skill demonstrates best practices by instructing the agent to detect and use environment variables (
COINGECKO_API_KEY,COINGECKO_PRO_API_KEY) rather than hardcoding sensitive credentials. - [PROMPT_INJECTION]: No evidence of prompt injection or bypass instructions was found. The guidance focuses on coin ID and platform resolution workflows.
Audit Metadata