
haystack-router

Fail

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: HIGH
Tags: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis

================================================================================

🔴 VERDICT: HIGH

This skill presents a HIGH risk primarily due to its instructions on handling highly sensitive mnemonic phrases for automated swaps. While the skill itself does not perform malicious actions, it provides code examples that, if implemented insecurely by the user, could lead to the compromise of private keys and funds. Additionally, the skill relies on external, unverified dependencies, and includes hardcoded API keys in examples, which, while for a free tier, represent a general security hygiene concern.

Total Findings: 4

🔴 HIGH Findings: • CREDENTIALS_UNSAFE

  • references/node-automation.md:15, references/swaps.md:30: The skill provides explicit instructions and code examples for handling mnemonic phrases using algosdk.mnemonicToSecretKey(mnemonic). While this is a common pattern for backend automation, it involves direct handling of highly sensitive cryptographic material. Insecure handling (e.g., improper storage, logging, or deployment) by the user could lead to the compromise of private keys and funds.

🟡 MEDIUM Findings: • UNVERIFIABLE_DEPENDENCY

  • SKILL.md:20, references/getting-started.md:7, references/migration.md:5, references/node-automation.md:5, references/react-integration.md:5: The skill instructs users to install external packages via npm install @txnlab/haystack-router algosdk, @txnlab/use-wallet-react, and @tanstack/react-query. The @txnlab organization is not on the list of trusted GitHub organizations, and algosdk and @tanstack/react-query are not explicitly listed as trusted. This means the skill relies on external code that cannot be fully audited by this analysis, posing a supply chain risk.

🔵 LOW Findings: • DATA_EXFILTRATION (minor)

  • SKILL.md:25, references/configuration.md:10, references/fees-and-referrals.md:10, references/getting-started.md:12, references/quotes.md:7, references/swaps.md:7: The free-tier API key 1b72df7e-1131-4449-8ce1-29b79dd3f51e is hardcoded in multiple code examples. While this specific key is public and for a free tier, hardcoding API keys is generally a poor security practice and could lead to issues if a production key were to be hardcoded similarly.

• COMMAND_EXECUTION (setup)

  • SKILL.md:20, references/getting-started.md:7, references/migration.md:5, references/node-automation.md:5, references/react-integration.md:5: The skill requires npm install commands for setup. This involves executing external commands, which is expected for installing dependencies. While not arbitrary in a malicious sense, it is a form of command execution that relies on the integrity of the installed packages.

================================================================================

Recommendations

  • AI detected serious security threats

Audit Metadata

  Risk Level: HIGH
  Analyzed: Feb 13, 2026, 10:14 AM