onchain-data-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches blockchain transaction data and smart contract source code from official API endpoints of well-known services, including Etherscan, Polygonscan, Arbiscan, Basescan, and BscScan. These are established services in the cryptocurrency ecosystem.
- [COMMAND_EXECUTION]: The skill executes Python scripts to process and format blockchain data. These scripts use standard Python libraries (json, sys, os, re, urllib) and do not perform any arbitrary system command execution or shell spawning.
- [DATA_EXFILTRATION]: There is no evidence of unauthorized data transmission. The skill manages sensitive information, such as API keys, through environment variables (e.g., ETHERSCAN_API_KEY) as a security best practice, rather than hardcoding credentials.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: The scripts `contract_analyzer.py` and `etherscan_address.py` ingest external data, such as contract source code and transaction logs, from blockchain explorer APIs.
  - Boundary markers: No explicit boundary markers or instruction-ignoring delimiters are used in the formatted output provided to the agent.
  - Capability inventory: The skill does not possess high-risk capabilities like `eval`, `exec`, or file-writing based on the external data received.
  - Sanitization: The skill parses and displays the external content directly. While the content is analyzed via regex in the Python scripts, there is no specific sanitization of the text before it enters the LLM context, so the skill relies on the agent's built-in safety mechanisms.