coingecko
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard implementation of API wrappers for the CoinGecko market data service. It does not contain any malicious code, obfuscation, or unauthorized access patterns.
- [EXTERNAL_DOWNLOADS]: All network operations are directed towards the official CoinGecko Pro API (
pro-api.coingecko.com). These are legitimate data-fetching operations from a well-known service provider. - [CREDENTIALS_UNSAFE]: The skill requires a
COINGECKO_API_KEYwhich is correctly managed through environment variables as specified in the metadata, avoiding hardcoded secrets. - [PROMPT_INJECTION]: The skill processes external data (such as coin descriptions), which presents a theoretical surface for indirect prompt injection. However, as it only returns this data as structured JSON to the agent without providing dangerous capabilities like system command execution, the risk is minimal.
Audit Metadata