helius-dflow
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data from the Solana blockchain, creating a surface for indirect prompt injection.
  - Ingestion points: Digital asset metadata, wallet histories, and market titles are fetched via DAS and Wallet APIs in references/helius-das.md and references/helius-wallet-api.md.
  - Boundary markers: No specific delimiters or instructions to ignore embedded commands are provided in the references.
  - Capability inventory: The agent can construct and submit transactions to the blockchain as described in references/helius-sender.md.
  - Sanitization: The skill relies on standard API parsing without additional logic to sanitize natural language content within data fields.
- [EXTERNAL_DOWNLOADS]: The skill references and utilizes official SDKs and MCP servers from trusted organizations including Helius Labs and DFlow Protocol.
- [COMMAND_EXECUTION]: Instructions are provided for installing MCP servers and using the Helius CLI for account management, which are standard operations for this developer toolset.