Skills
skills/aibtcdev/skills/jingswap/Gen Agent Trust Hub

jingswap

Fail

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The file jingswap.ts contains a hardcoded API key JINGSWAP_API_KEY used to authenticate requests to the Jingswap API. Hardcoding secrets in source code is an unsafe practice.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to https://faktory-dao-backend.vercel.app to retrieve auction data and pricing information.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the processing of untrusted data from an external API.
  • Ingestion points: Data is ingested via the jingswapGet function in jingswap.ts from an external API endpoint.
  • Boundary markers: None. The fetched data is directly output to the console and incorporated into the agent's context.
  • Capability inventory: The skill has the capability to execute blockchain transactions (callContract) and perform network operations (fetch).
  • Sanitization: None. There is no evidence of data sanitization or validation before the external content is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 20, 2026, 11:17 PM