raydium
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill fetches serialized transactions from an external API (transaction-v1.raydium.io) to be signed and executed by the user's wallet.
- Evidence: Found in 'resources/trade-api.md'. The 'swapWithTradeAPI' function fetches transaction data from the remote endpoint, deserializes it into a 'VersionedTransaction', and signs it using the user's private key.
- Risk: While this is standard for the Raydium Trade API, it allows a remote server to define the logic of transactions being signed by the user.
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires the installation of the '@raydium-io/raydium-sdk-v2' package and references repositories under the 'raydium-io' GitHub organization.
- Evidence: Found in 'SKILL.md' and 'resources/github-repos.md'.
- Note: This organization is not in the predefined trusted list.
- [PROMPT_INJECTION] (LOW): The skill exposes an indirect prompt injection surface by ingesting untrusted token metadata that influences agent actions.
- Ingestion points: The 'launchToken' function in 'resources/launchlab.md' accepts 'name', 'symbol', and 'uri' parameters.
- Boundary markers: Absent in the provided examples.
- Capability inventory: The skill can execute blockchain transactions via 'raydium.launchLab.createToken'.
- Sanitization: No sanitization or validation logic is shown for the metadata fields.
Audit Metadata