Skills
skills/coinpaprika/skills/dexpaprika-api/Gen Agent Trust Hub

dexpaprika-api

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Fetches and executes the official DexPaprika CLI installation script from the vendor's GitHub repository (https://raw.githubusercontent.com/coinpaprika/dexpaprika-cli/main/install.sh) using a piped shell command. This is a standard installation procedure for the vendor's own tooling.- [EXTERNAL_DOWNLOADS]: Downloads configuration files, installation scripts, and market data from vendor-controlled endpoints including api.dexpaprika.com and the coinpaprika GitHub organization.- [COMMAND_EXECUTION]: The skill provides numerous examples for the agent to execute shell commands using the dexpaprika-cli tool to search for tokens, filter pools, and stream real-time prices.- [PROMPT_INJECTION]: The skill ingests external data from public API responses, representing a potential surface for indirect prompt injection.
  • Ingestion points: Market data and search results from api.dexpaprika.com and streaming.dexpaprika.com (File: SKILL.md).
  • Boundary markers: Absent; external data is processed and presented to the agent without specific delimiters.
  • Capability inventory: Local command execution via the dexpaprika-cli tool (File: SKILL.md).
  • Sanitization: Absent; the instructions do not specify validation or escaping for the ingested API data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 07:16 AM
Security Audit — agent-trust-hub — dexpaprika-api