saturnswap-cross-chain
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill ships several Node.js scripts (list-chains.js, find-token.js, get-quote.js, create-order.js) that run under the node runtime. They take their input from the agent context as command-line arguments.
- [EXTERNAL_DOWNLOADS]: The skill connects to the SaturnSwap API at https://saturnswap.io/api/uex/ to retrieve metadata and submit swap requests. This network activity is expected for a blockchain swap aggregator skill and targets the service's official domain.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because user-supplied data (token symbols, amounts, destination addresses) flows into its processing logic.
  - Ingestion points: command-line arguments in scripts/create-order.js, scripts/get-quote.js, and scripts/find-token.js.
  - Boundary markers: none; inputs are read directly from the process arguments without delimiters or instructional warnings.
  - Capability inventory: local script execution via node and network communication with an external API.
  - Sanitization: slippage values get basic numeric parsing; other parameters such as symbols and addresses are passed to the API client without explicit validation or sanitization.
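As an added example (not the skill's own code and not part of the audit), the following Node.js snippet contrasts passing command-line arguments straight into a request URL with validating them against allow-list patterns first. The base URL is the one named above; the `quote` route, the query parameter names, the 5% slippage ceiling and the EVM-style `0x` address format are assumptions for illustration, and the real scripts' routes and chain-specific address formats may differ.

```javascript
'use strict';

// Added example, not the skill's own code. Base URL is the one named in the
// audit; the "quote" route and the query parameter names are assumptions.
const API_BASE = 'https://saturnswap.io/api/uex/';

// Allow-list patterns: anything that does not match is rejected before it
// reaches the API client. The address pattern assumes an EVM-style
// 0x-prefixed 20-byte hex address; other chains need their own rule.
const SYMBOL_RE = /^[A-Z0-9]{2,12}$/;
const AMOUNT_RE = /^(?:0|[1-9][0-9]*)(?:\.[0-9]{1,18})?$/;
const EVM_ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

function parseSlippage(raw) {
  // Numeric parsing alone is not enough: bound the value (5% here is an
  // assumed policy) so a caller cannot request a tolerance that lets a
  // swap fill at almost any price.
  const pct = Number(raw);
  if (!Number.isFinite(pct) || pct <= 0 || pct > 5) {
    throw new RangeError(`slippage must be in (0, 5] percent, got "${raw}"`);
  }
  return pct;
}

// Validates argv in the order: fromSymbol toSymbol amount destination [slippagePct]
function parseSwapArgs(argv) {
  if (argv.length < 4 || argv.length > 5) {
    throw new Error('usage: fromSymbol toSymbol amount destination [slippagePct]');
  }
  const [fromSymbol, toSymbol, amount, destination, slippage = '0.5'] = argv;
  for (const s of [fromSymbol, toSymbol]) {
    if (!SYMBOL_RE.test(s)) throw new Error(`invalid token symbol "${s}"`);
  }
  if (!AMOUNT_RE.test(amount) || Number(amount) <= 0) {
    throw new Error(`invalid amount "${amount}"`);
  }
  if (!EVM_ADDRESS_RE.test(destination)) {
    throw new Error(`invalid destination address "${destination}"`);
  }
  return { fromSymbol, toSymbol, amount, destination, slippagePct: parseSlippage(slippage) };
}

// Unsafe pattern: raw argv values concatenated into the request. A "symbol"
// such as "ETH&limit=1" or "../admin" rewrites the query or the path.
function buildQuoteUrlUnsafe(argv) {
  const [fromSymbol, toSymbol, amount] = argv;
  return `${API_BASE}quote?from=${fromSymbol}&to=${toSymbol}&amount=${amount}`;
}

// Hardened pattern: validate first, then let URL/URLSearchParams build the
// request so every value is encoded and lands in the parameter it was meant for.
function buildQuoteUrlSafe(argv) {
  const args = parseSwapArgs(argv);
  const url = new URL('quote', API_BASE);
  url.searchParams.set('from', args.fromSymbol);
  url.searchParams.set('to', args.toSymbol);
  url.searchParams.set('amount', args.amount);
  url.searchParams.set('destination', args.destination);
  url.searchParams.set('slippage', String(args.slippagePct));
  return url.toString();
}

// Wraps parseSwapArgs so a caller gets a result object instead of an exception.
function tryParse(argv) {
  try {
    return { ok: true, value: parseSwapArgs(argv) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed sample inputs: one honest request and one crafted "symbol".
const honest = ['USDC', 'WETH', '100.5', '0x' + 'ab'.repeat(20)];
const crafted = ['ETH&limit=1', 'USDC', '1', '0x' + 'ab'.repeat(20)];
console.log('unsafe:', buildQuoteUrlUnsafe(crafted)); // extra limit=1 parameter smuggled in
console.log('safe:  ', buildQuoteUrlSafe(honest));
console.log('safe rejects crafted input:', tryParse(crafted));
```

The same allow-list approach applies to the `find-token.js` and `create-order.js` arguments: decide what each field may contain, reject everything else, and never splice a raw argument into a URL, shell command, or JSON body by string concatenation.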
Audit Metadata