Skills
skills/tyler-tsai/lista-skills-personal/lista-lending/Gen Agent Trust Hub

lista-lending

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses execSync to delegate transaction signing to the local lista-wallet-connect skill. Arguments are properly wrapped in quotes to prevent shell injection, and the operation is restricted to local components of the agent framework.
  • [EXTERNAL_DOWNLOADS]: Fetches market and vault data via public RPC endpoints for BSC and Ethereum (e.g., binance.org, drpc.org). These are trusted infrastructure services for DeFi applications.
  • [PROMPT_INJECTION]: An indirect prompt injection surface was identified.
  • Ingestion points: Blockchain protocol data (vault names, asset symbols) fetched via MoolahSDK in src/api/vault.ts and src/api/market.ts and displayed to the agent.
  • Boundary markers: Absent in data processing logic.
  • Capability inventory: Transaction execution via lista-wallet-connect CLI (src/executor.ts).
  • Sanitization: Relies on standard SDK parsing; no explicit sanitization of display strings against prompt-override characters. The risk is mitigated by mandatory user consent required for all state-changing actions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 01:17 PM