sushiswap-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill requires the installation of `sushi` and `viem` via standard package managers. These are well-known, legitimate packages used for interacting with the SushiSwap protocol and the Ethereum blockchain.
- DATA_EXFILTRATION (SAFE): The example code references `process.env.PRIVATE_KEY` for transaction signing. This is a standard practice for managing secrets in a non-hardcoded manner and does not indicate unauthorized data exposure.
- PROMPT_INJECTION (LOW): The skill has a surface for indirect prompt injection as it processes data from the SushiSwap Aggregator API.
  1. Ingestion points: The `getSwap` method in `references/REFERENCE.md` ingests transaction calldata from an external API.
  2. Boundary markers: None; the SDK expects to use the API response directly.
  3. Capability inventory: The skill uses `walletClient.sendTransaction` in `references/REFERENCE.md` to execute transactions.
  4. Sanitization: None; the data is used exactly as returned by the API.

  This risk is inherent to the primary function of the skill and is considered acceptable for its intended purpose.
Audit Metadata