dexranger
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill performs network requests to
https://dexranger.comto fetch token data. This is the intended primary purpose of the skill. The domain is not on the global trust list, but the risk is mitigated by the skill's specific use case. - [COMMAND_EXECUTION] (SAFE): The script
scripts/dexranger_check.pyusessubprocess.runto execute the systemcurlcommand. It passes arguments as a list, which effectively prevents shell injection vulnerabilities. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data from a third-party website, creating a theoretical surface for indirect prompt injection.
- Ingestion points: Data is fetched from
dexranger.comviafetch_token_pageinscripts/dexranger_check.py. - Boundary markers: None present in the instructions provided to the agent in
SKILL.md. - Capability inventory: The skill can execute
curlcommands and read the resulting output. - Sanitization: The script uses regular expressions to extract specific JSON structures from the HTML response, providing a layer of structural validation that prevents the agent from processing arbitrary HTML content.
Audit Metadata