crypto-token-screener
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script (
scripts/screen.py) to perform data collection. This is a transparent and expected operation for the skill's logic. - [EXTERNAL_DOWNLOADS]: The skill's bundled script fetches market data from well-known services (DefiLlama and CoinGecko). These network requests are standard for crypto-asset analysis and target reputable domains.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from external APIs.
- Ingestion points: Market and fee data are fetched from DefiLlama and CoinGecko via
scripts/screen.py. - Boundary markers: The agent is instructed to format output into structured markdown tables and specific report sections.
- Capability inventory: The skill uses network GET requests and writes analysis results to
crypto/next-hype-candidates.md. - Sanitization: The script uses standard JSON parsing which ensures data structure, though it does not explicitly sanitize strings for downstream LLM processing. Given the well-known sources and primary purpose, this surface is considered a normal risk.
- [SAFE]: No obfuscation, data exfiltration, or persistence mechanisms were detected. The skill operates within its described scope and includes appropriate educational disclaimers.
Audit Metadata