jupiter
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses official Helius and Jupiter APIs and SDKs from verified domains including helius-rpc.com, jup.ag, and helius.xyz. All identified external resources are authenticated vendor tools for the Solana ecosystem.\n- [SAFE]: Credential security is prioritized. Instructions explicitly discourage hardcoding API keys and recommend using environment variables or the helius-mcp configuration server for authentication.\n- [SAFE]: Remote scripts and setup commands, such as 'npx helius-mcp' and Jupiter's swap plugin script, are sourced from official and well-known repositories.\n- [SAFE]: Although the skill processes untrusted on-chain data (Ingestion: references/helius-das.md asset metadata) and has transaction submission capabilities (Capability inventory: references/helius-sender.md), it mitigates indirect injection risks by recommending safety tools like Jupiter Token Shield (Sanitization: references/jupiter-tokens-price.md).
Audit Metadata