defillama-api
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches cryptocurrency market data, TVL, and token prices from DeFiLlama's official subdomains (api.llama.fi, coins.llama.fi, and stablecoins.llama.fi). DeFiLlama is a well-known analytics service.
- [PROMPT_INJECTION]: The skill ingests data from external API responses, creating a surface for potential indirect prompt injection.
- Ingestion points: scripts/defi_snapshot.py, scripts/price_lookup.py
- Boundary markers: None detected
- Capability inventory: The skill performs network operations via httpx but lacks file system or system command access.
- Sanitization: Standard JSON parsing is used for API response processing.
Audit Metadata