analyzing-on-chain-data
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill communicates with trusted, well-known financial data providers (api.llama.fi and api.coingecko.com) for all analytics data.
- [COMMAND_EXECUTION]: The agent's bash execution environment is restricted to the specific prefix 'crypto:onchain-*', ensuring only the provided python analytics scripts can be run.
- [CREDENTIALS_UNSAFE]: Secret management follows best practices; the skill instructs the agent to read credentials from environment variables or local configuration files like 'crypto-apis.env' rather than using hardcoded keys.
- [EXTERNAL_DOWNLOADS]: The skill utilizes the standard Python 'requests' library for network operations and does not download or execute any unverifiable third-party scripts.
- [SAFE]: Evaluation of indirect prompt injection surface (Category 8): Ingestion points: scripts/data_fetcher.py (DeFiLlama API). Boundary markers: Absent. Capability inventory: Read, Write, Edit, Bash. Sanitization: None. The structured nature of the financial metrics retrieved makes the risk of accidental or adversarial instruction obedience from the data source negligible.
Audit Metadata