pyth
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
- External Downloads (SAFE): The skill documents dependencies on the official packages `@pythnetwork/hermes-client` for Node.js and `pyth-solana-receiver-sdk` for Rust. These are industry-standard libraries required for Pyth oracle integration.
- Indirect Prompt Injection (LOW):
  - Ingestion points: `examples/price-feeds/fetch-price.ts` and `examples/price-feeds/multiple-prices.ts` ingest external market data from the Hermes API (https://hermes.pyth.network).
  - Boundary markers: Data is strictly parsed into structured numerical types using the official Hermes client, preventing interpretation of the data as natural-language instructions.
  - Capability inventory: The skill performs logging (`msg!`, `console.log`) and mathematical operations for price conversion. It does not possess file-writing or command-execution capabilities.
  - Sanitization: The Rust implementation (`anchor-integration.rs`) includes validation logic such as `validate_confidence` and `get_price_no_older_than`, ensuring the program rejects stale or highly volatile data.
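As an added illustration of the sanitization point above (this is example code written for this report, not the skill's `anchor-integration.rs` and not the Pyth SDK's implementation), the shape of the two gates a consumer program should run before trusting an oracle price: a staleness check in the spirit of `get_price_no_older_than`, a confidence-width check in the spirit of `validate_confidence`, and the exponent conversion that the audit's "price conversion" refers to. `OraclePrice`, `PriceError`, the basis-point threshold and all sample values are assumptions of this example; the struct fields only mirror the names Pyth uses (price, conf, expo, publish_time).

```rust
// Added example, not the skill's or the Pyth SDK's code. `OraclePrice` is a
// hypothetical stand-in for the price struct the real SDK hands back.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct OraclePrice {
    pub price: i64,        // mantissa; value = price * 10^expo
    pub conf: u64,         // confidence interval, same scale as `price`
    pub expo: i32,         // e.g. -8
    pub publish_time: i64, // unix seconds when the price was published
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum PriceError {
    Stale { age: i64, max_age: i64 },
    NonPositivePrice,
    ConfidenceTooWide { conf: u64, price: i64, max_conf_bps: u64 },
    Overflow,
}

/// Staleness gate, same intent as get_price_no_older_than. `now` is the
/// on-chain clock (Clock::get()?.unix_timestamp in an Anchor program).
pub fn check_freshness(p: &OraclePrice, now: i64, max_age: i64) -> Result<(), PriceError> {
    // A price dated in the future gets a negative age and passes here; a
    // program that cares about clock skew should bound that side too.
    let age = now.saturating_sub(p.publish_time);
    if age > max_age {
        return Err(PriceError::Stale { age, max_age });
    }
    Ok(())
}

/// Confidence gate, same intent as validate_confidence: reject when
/// conf / price exceeds `max_conf_bps` basis points. Cross-multiplied in
/// u128 so the comparison is exact and cannot overflow or truncate.
pub fn check_confidence(p: &OraclePrice, max_conf_bps: u64) -> Result<(), PriceError> {
    if p.price <= 0 {
        return Err(PriceError::NonPositivePrice);
    }
    let lhs = p.conf as u128 * 10_000;
    let rhs = p.price as u128 * max_conf_bps as u128;
    if lhs > rhs {
        return Err(PriceError::ConfidenceTooWide { conf: p.conf, price: p.price, max_conf_bps });
    }
    Ok(())
}

/// Re-express a mantissa from `expo` to `target_expo` with checked math.
/// Scaling down truncates toward zero; scaling up returns None on overflow.
pub fn scale_to_expo(price: i64, expo: i32, target_expo: i32) -> Option<i64> {
    let shift = expo - target_expo;
    if shift >= 0 {
        let factor = 10i64.checked_pow(shift as u32)?;
        price.checked_mul(factor)
    } else {
        let factor = 10i64.checked_pow(shift.unsigned_abs())?;
        Some(price / factor)
    }
}

/// The full gate: freshness, then confidence, then conversion.
pub fn validated_price(
    p: &OraclePrice,
    now: i64,
    max_age: i64,
    max_conf_bps: u64,
    target_expo: i32,
) -> Result<i64, PriceError> {
    check_freshness(p, now, max_age)?;
    check_confidence(p, max_conf_bps)?;
    scale_to_expo(p.price, p.expo, target_expo).ok_or(PriceError::Overflow)
}

fn main() {
    // Constructed sample data, not real feed output.
    let now = 1_700_000_000i64;
    let good = OraclePrice { price: 6_512_345_678, conf: 3_250_000, expo: -8, publish_time: now - 5 };
    let stale = OraclePrice { publish_time: now - 120, ..good };
    let wide = OraclePrice { conf: 200_000_000, ..good };

    for (label, p) in [("good", good), ("stale", stale), ("wide", wide)] {
        match validated_price(&p, now, 60, 50, -6) {
            Ok(v) => println!("{label}: accepted, price = {v} * 10^-6"),
            Err(e) => println!("{label}: rejected: {e:?}"),
        }
    }
}
```

The ordering matters: the cheap freshness check runs first so a stale update never reaches the arithmetic, and the confidence check compares cross-multiplied integers rather than a truncated ratio, so a confidence interval that is a hair over the threshold is still rejected.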
Audit Metadata