swapper-integration
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute standard development tasks such as yarn test, yarn lint, yarn build, and gh pr subcommands within the ShapeShift codebase as defined in SKILL.md.
- [EXTERNAL_DOWNLOADS]: The skill uses the WebFetch and WebSearch tools to research third-party API documentation and Swagger specifications. It also guides the agent to install the @defuse-protocol/one-click-sdk-typescript package from the npm registry as part of the implementation plan in NEAR_INTENTS_RESEARCH.md.
- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection due to its requirement to ingest and process untrusted external documentation to generate code.
  - Ingestion points: The agent is instructed to use WebFetch and WebSearch to retrieve content from external websites and developer portals (SKILL.md).
  - Boundary markers: Absent; the skill does not provide specific delimiters or instructions to ignore embedded directives in the fetched content.
  - Capability inventory: The agent has access to Write and Edit tools for code generation, as well as Bash for executing builds and tests (SKILL.md).
  - Sanitization: Absent; there is no validation or sanitization process mentioned for data retrieved from external documentation before it is processed by the agent.
Audit Metadata