lista
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like `mkdir`, `echo`, and `cat` to manage local configuration files for language preferences and wallet addresses in the `~/.lista/` directory.
- [COMMAND_EXECUTION]: It invokes a local Node.js script (`scripts/moolah.js`) and `curl` to interact with the official Lista API. The script is self-contained and uses only the Node.js standard library.
- [DATA_EXFILTRATION]: The skill fetches data from `https://api.lista.org`, the official service endpoint. This interaction involves sending the user's wallet address to retrieve position and reward data, which is consistent with the skill's primary function.
- [PROMPT_INJECTION]: The skill includes strict 'Format Enforcement' instructions that mandate plain-text output and specific structural templates. These constraints serve as a mitigation against potential indirect prompt injection attacks from data retrieved via external APIs.
Audit Metadata