trading
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the @gdexsdk/gdex-skill npm package, which is a standard dependency for its trading functionality.
- [DATA_EXFILTRATION]: The skill documentation specifies connection to an external API (https://trade-api.gemach.io/v1) to perform trades and fetch market data, which is necessary for its operation.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its ingestion of external market and token data. 1. Ingestion points: Market and token discovery data from the GDEX API. 2. Boundary markers: No explicit delimiters are used in the provided scripts. 3. Capability inventory: The skill can execute trades, bridge assets, and manage portfolios. 4. Sanitization: No specific filtering of API-returned strings is performed in the wrapper code.
Audit Metadata