saturnswap-analytics

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The scripts api-status.js, platform-stats.js, and top-pools.js all import logic from a relative path ../../../scripts/saturnswap-client.js. This creates a dependency on an unverifiable file located outside the skill's directory structure, which may lead to inconsistent or unsafe behavior depending on the host environment's file system content.
  • [PROMPT_INJECTION]: The script top-pools.js accepts user-influenced input via the --order command-line argument and interpolates it directly into a query string: { ${orderField}: DESC }. Because this input is not validated or sanitized, it creates a vulnerability surface where a malicious user could attempt to inject additional query parameters or fields into the request sent to the underlying SaturnSwap API.
  • [COMMAND_EXECUTION]: The skill executes multiple JavaScript files using the Node.js runtime to perform analytics and status checks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 01:21 AM