saturnswap-portfolio

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates the execution of Node.js scripts (scripts/my-liquidity.js and scripts/my-orders.js) using user-provided parameters such as bech32 wallet addresses and pool identifiers. While this is expected functionality, the agent must ensure these inputs are treated strictly as data to prevent potential command injection in sensitive shell environments.
  • [PROMPT_INJECTION]: The skill processes and displays external data (token tickers, pool metadata, and order statuses) from the SaturnSwap indexer, presenting an indirect prompt injection surface.
    • Ingestion points: Data enters via the saturnswap-client.js module used in scripts/my-liquidity.js and scripts/my-orders.js.
    • Boundary markers: None; external data is integrated directly into the agent's display output.
    • Capability inventory: The skill is limited to reading and displaying data; it lacks capabilities for file system writes, arbitrary command execution, or outbound network requests within its own scripts.
    • Sanitization: External data such as token tickers and pool IDs is printed directly. The risk is assessed as safe given the specific display-oriented purpose of the skill.
  • [SAFE]: No obfuscation techniques, hardcoded credentials, or unauthorized remote code execution patterns were found. The skill correctly references local scripts for its core logic and follows legitimate patterns for a blockchain portfolio viewer.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 01:22 AM