coinbase-agentkit
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and implementation examples for the official Coinbase AgentKit framework. All external resources, including NPM packages and URLs, originate from legitimate Coinbase infrastructure or well-known development tools.\n- [EXTERNAL_DOWNLOADS]: Fetches components from the official @coinbase scope on NPM and references official Coinbase documentation and repositories.\n- [PROMPT_INJECTION]: The framework allows agents to execute onchain transactions based on user prompts, creating a surface for indirect prompt injection.\n
- Ingestion points: User input processed via LangChain or Vercel AI SDK tools.\n
- Boundary markers: None explicitly shown in snippets; relies on framework defaults.\n
- Capability inventory: Wallet management, token transfers, swaps, and NFT minting.\n
- Sanitization: Uses Zod for strict schema validation of tool arguments.\n- [COMMAND_EXECUTION]: Includes standard npm create and npm install commands for project setup and dependency management, which are routine developer workflows.
Audit Metadata