crypto-token-screener

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script (scripts/screen.py) to perform data collection. This is a transparent and expected operation for the skill's logic.
  • [EXTERNAL_DOWNLOADS]: The skill's bundled script fetches market data from well-known services (DefiLlama and CoinGecko). These network requests are standard for crypto-asset analysis and target reputable domains.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from external APIs.
  • Ingestion points: Market and fee data are fetched from DefiLlama and CoinGecko via scripts/screen.py.
  • Boundary markers: The agent is instructed to format output into structured markdown tables and specific report sections.
  • Capability inventory: The skill uses network GET requests and writes analysis results to crypto/next-hype-candidates.md.
  • Sanitization: The script uses standard JSON parsing which ensures data structure, though it does not explicitly sanitize strings for downstream LLM processing. Given the well-known sources and primary purpose, this surface is considered a normal risk.
  • [SAFE]: No obfuscation, data exfiltration, or persistence mechanisms were detected. The skill operates within its described scope and includes appropriate educational disclaimers.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 08:03 AM
Security Audit — agent-trust-hub — crypto-token-screener