near-intents
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No instructions designed to override agent behavior or bypass safety guardrails were found. The skill content is strictly technical and educational.
- [DATA_EXFILTRATION] (SAFE): The skill performs network requests to 1click.chaindefuser.com for its primary functionality. While this domain is not on the default whitelist, it is the central component of the skill's purpose, and no sensitive local data is targeted for exfiltration. Severity is downgraded to SAFE based on use-case alignment.
- [REMOTE_CODE_EXECUTION] (SAFE): No patterns of remote script downloading or execution (e.g., curl piped to shell) were detected.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill presents a surface for indirect injection by processing external API responses. Evidence: 1. Ingestion points: GET /v0/tokens and POST /v0/quote responses in
react-hooks.mdandserver-example.md. 2. Boundary markers: Not used in provided snippets. 3. Capability inventory: Blockchain transaction signing and network fetch requests. 4. Sanitization: Not explicitly implemented in the minimal example code. - [CREDENTIALS_UNSAFE] (SAFE): Code examples appropriately use environment variables for sensitive data like private keys and API tokens, avoiding hardcoded secrets.
Audit Metadata