Skills
skills/holon-run/uxc/defillama-pro-openapi-skill/Gen Agent Trust Hub

defillama-pro-openapi-skill

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill provides defensive guidance for managing DefiLlama Pro API keys, recommending environment variables via --secret-env and instructing users to sanitize local daemon logs where keys might appear in URL paths.
  • [COMMAND_EXECUTION]: The skill utilizes the uxc tool to interact with pro-api.llama.fi. These operations are limited to the scope of the curated OpenAPI schema provided by the vendor.
  • [SAFE]: While the skill ingests external data from the DefiLlama API, the risk of indirect prompt injection is limited by its read-only focus and the requirement for structured JSON output.
  • Ingestion points: API responses from pro-api.llama.fi (SKILL.md).
  • Boundary markers: The skill mandates the use of JSON output for automation, avoiding text-based interpretations (SKILL.md).
  • Capability inventory: Interaction with the DefiLlama Pro API host as defined in the OpenAPI schema (references/defillama-pro.openapi.json).
  • Sanitization: The skill relies on the structured nature of the JSON response format.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 03:14 AM