defi-portfolio-manager

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses sensitive financial information (portfolio holdings, valuations, and positions) by reading a Google Spreadsheet using the gws (Google Workspace) CLI tool. This data is used for internal analysis within the agent environment.
  • [EXTERNAL_DOWNLOADS]: Fetches real-time market data, yield information, and collateral parameters from well-known services including DefiLlama (yields.llama.fi) and Morpho (api.morpho.org). These requests are performed using standard curl operations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and reasons over untrusted data from the public web (via WebSearch) and third-party APIs (Morpho/DefiLlama).
  • Ingestion points: Processes news articles and incident reports from WebSearch results, JSON/GraphQL responses from DeFi APIs, and CSV data from user-defined Google Sheets.
  • Boundary markers: There are no specific delimiters or "ignore instructions" wrappers used when interpolating external data into the agent's context.
  • Capability inventory: The skill uses curl for network requests, gws for file/sheet access, and has the capability to spawn and coordinate multiple sub-agents to perform parallel tasks.
  • Sanitization: The instructions do not define any sanitization, filtering, or validation steps for the content retrieved from external sources before it is analyzed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 08:03 AM
Security Audit — agent-trust-hub — defi-portfolio-manager