polygon-defi
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Findings flagged: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches DeFi yield pool metadata from the Sequence Trails API (https://trails-api.sequence.app/rpc/Trails/GetEarnPools) to support discovery of yield opportunities.
- [COMMAND_EXECUTION]: Executes on-chain financial transactions, such as token swaps and protocol deposits, using the polygon-agent command-line utility.
- [DATA_EXFILTRATION]: Sends the SEQUENCE_PROJECT_ACCESS_KEY to the Trails API via HTTP headers for authentication purposes.
- [PROMPT_INJECTION]: The ingestion of external API response data presents a surface for indirect prompt injection, where untrusted strings (e.g., pool names) could influence agent actions.
  1. Ingestion points: External API data described in SKILL.md.
  2. Boundary markers: Absent; external data is not delimited or isolated from agent instructions.
  3. Capability inventory: Access to the polygon-agent CLI with broad transaction capabilities, including swap, deposit, and withdraw.
  4. Sanitization: Absent; no validation or escaping of API-provided content is documented.
Audit Metadata