web3-defi-protocols

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted data from external DeFi protocols and presenting it to the agent, which could theoretically be manipulated to influence the agent's logic.
    • Ingestion points: Data is fetched from yields.llama.fi in scripts/yield_finder.py, api.1inch.dev in scripts/oneinch_swap.py, and api.cow.fi in scripts/cow_swap.py.
    • Boundary markers: No explicit delimiters or instructions are used to separate external data from the agent's system instructions.
    • Capability inventory: The skill is designed to perform on-chain financial operations, including supply, borrow, and swap transactions, which are capabilities that could be targeted via manipulated input.
    • Sanitization: Content such as pool names and project descriptions is used directly in responses to the agent without escaping or validation.
  • [EXTERNAL_DOWNLOADS]: The skill connects to well-known DeFi infrastructure services to facilitate its primary functions.
    • Evidence: It makes legitimate network requests to established services including DeFiLlama, 1inch Developer Portal, and CoW Protocol API to retrieve real-time market data and quotes.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 07:33 PM