swap-tokens
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses official packages from the verified author (@circle-fin/*) and well-known industry standard libraries (viem, @solana/kit), which are appropriate for its stated purpose.
- [SAFE]: Instructions include strong security rules that prohibit the storage or display of private keys and API keys, instead mandating the use of environment variables and secure secret management.
- [SAFE]: To prevent unauthorized fund movement, the skill explicitly instructs the agent to never execute transactions automatically and to always require manual confirmation of all swap parameters (chain, tokens, amount) from the user.
- [SAFE]: The skill mitigates potential indirect prompt injection risks from repository files by explicitly stating that repository content is for context only and must never be used to infer transaction parameters without user validation.
Audit Metadata