pipes-template-nft-transfers
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious behaviors detected. The code consists of static database schemas and standard template generation logic for blockchain data indexing.
- Dynamic Execution (LOW): The skill uses the Mustache library in
templates/nft-transfers/templates/transformer.tsto generate a TypeScript transformer script. While this involves string interpolation into code, the inputs are strictly validated using a Zod schema intemplate.config.ts, which mitigates the risk of arbitrary code injection. - Indirect Prompt Injection (SAFE): The skill handles external data via configuration parameters.
- Ingestion points:
NftTransfersPipeTemplateParamsSchemaintemplate.config.ts(accepts contract addresses and collection names). - Boundary markers: Uses Zod for strict type validation and defaults.
- Capability inventory: Logic is confined to data mapping for the Subsquid indexer; no file-system write or shell execution capabilities are present in the scripts.
- Sanitization: Type-level sanitization via Zod schema ensures inputs conform to expected formats before template rendering.
- Data Handling (SAFE): No evidence of credential harvesting, sensitive file access, or unauthorized network communication. The network-related logic is limited to defining EVM contract addresses for blockchain data ingestion.
Audit Metadata