Skills
skills/subsquid-labs/agent-skills/pipes-abi/Gen Agent Trust Hub

pipes-abi

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill workflow involves fetching data from https://addybook.xyz, which is not a whitelisted external source. While it is a legitimate protocol registry, automated fetching of external data is a security consideration.
  • [Indirect Prompt Injection] (LOW): The skill possesses a surface for indirect prompt injection because it processes data from an external 3rd-party source to drive subsequent agent actions.
  • Ingestion points: Data is fetched via WebFetch from addybook.xyz (documented in RESEARCH_CHECKLIST.md).
  • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the suggested prompt templates.
  • Capability inventory: The skill integrates with tools that perform code generation (pipes-new-indexer) and ABI parsing (pipes-abi).
  • Sanitization: There is no evidence of sanitization or schema validation mentioned for the incoming JSON data from the external API.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 23, 2026, 01:52 AM