raydium
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data (such as token names, symbols, and descriptions) from the Solana blockchain and Raydium API. This content is controlled by external users and may contain malicious instructions that could manipulate the AI agent.
- Ingestion points: Metadata is fetched via methods like
raydium.api.getTokenInfo,raydium.api.fetchPoolById, andraydium.token.tokenListacross various resource and example files. - Boundary markers: The provided code snippets and instructions do not include explicit delimiters or warnings for the agent to ignore instructions embedded within the fetched metadata.
- Capability inventory: The skill provides extensive capabilities to execute high-impact blockchain transactions, including swapping and liquidity management, via the
execute()method in files such asexamples/swap/README.md. - Sanitization: There is no evidence of logic designed to sanitize or validate the content of these external metadata strings before they are logged or processed.
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation and use of the official Raydium SDK (
@raydium-io/raydium-sdk-v2) and other standard Solana ecosystem libraries from the public npm registry.
Audit Metadata