jito-bundles
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill follows security best practices for Solana transaction management and does not contain any malicious patterns or attempts to bypass agent safety guidelines.
- [EXTERNAL_DOWNLOADS]: The skill performs network requests to official Jito block engine endpoints (e.g., "https://mainnet.block-engine.jito.wtf/api/v1/bundles") to fetch tip accounts, submit transaction bundles, and query landing statuses. These are well-known services within the Solana ecosystem for MEV protection.
- [PROMPT_INJECTION]: The skill ingests data from external Jito API responses, which constitutes an indirect ingestion point.
  - Ingestion points: API result values from "getTipAccounts" and "getBundleStatuses" in "scripts/build_bundle.py" and "scripts/check_bundle_status.py".
  - Boundary markers: None explicitly used for API data, though it is processed as structured JSON.
  - Capability inventory: Performs network POST requests using the "httpx" library and constructs blockchain transactions.
  - Sanitization: Relies on standard JSON parsing and public key validation from the "solders" library.
Audit Metadata