defi-risk-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions and accompanying scripts are focused entirely on providing a security auditing service for the user. The skill uses standard tools like curl, jq, and git to interact with public APIs and repositories.
- [SAFE]: Helper scripts (goplus-check.sh and onchain-check.sh) use robust input validation (e.g., regex matching for hex addresses) before passing data to interpreters like Python or Node.js, effectively preventing command injection.
- [SAFE]: The vast amount of documentation provided serves as reference data for the agent to recognize historical exploit patterns (e.g., the 'Drift-type' or 'Kelp-type' patterns). While some documents are future-dated (2026), they do not contain prompt injection or instructions to bypass safety filters.
- [SAFE]: Data handling is transparent; the skill requests API keys via a standard .env configuration and does not attempt to exfiltrate them or access sensitive local files outside of its own project scope.
Audit Metadata