yield-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's logic is transparent and focuses on legitimate financial calculations without any suspicious activity. The provided Python scripts and markdown references are strictly analytical in nature.
- [DATA_EXFILTRATION]: The script scripts/yield_comparison.py accesses the public DeFiLlama API (yields.llama.fi) to fetch market data. This network activity is safe as it only retrieves public, non-sensitive information and does not transmit any private user data.
- [EXTERNAL_DOWNLOADS]: The skill requires standard Python libraries, specifically numpy for mathematical operations and httpx for network requests. These are well-known dependencies from official registries and are appropriate for the skill's stated purpose.
- [PROMPT_INJECTION]: The skill ingests external pool data from the DeFiLlama API, which represents a standard ingestion surface for indirect prompt injection. However, the risk is mitigated by the skill's focus on numerical output and the absence of dangerous system capabilities.
  - Ingestion points: scripts/yield_comparison.py retrieves strings (project names, symbols) from an external API.
  - Boundary markers: Data is displayed in standard text tables.
  - Capability inventory: Limited to mathematical modeling and read-only API access; the skill lacks file-writing, command execution, or unauthorized network-send capabilities.
  - Sanitization: Strings are used for informational labels in reports and are not evaluated as commands.
Audit Metadata