optimizing-defi-yields
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches DeFi protocol yield data from DeFiLlama (
yields.llama.fi) and token pricing from CoinGecko (api.coingecko.com). These are established, well-known services within the cryptocurrency domain. - [COMMAND_EXECUTION]: The skill provides a suite of Python scripts (
yield_optimizer.py,protocol_fetcher.py, etc.) designed to be executed via the local Bash environment to process and display market data. - [DATA_EXFILTRATION]: The skill implements a local caching mechanism in
~/.defi_yield_cache.jsonto improve performance and handle API rate limits. This access is restricted to the skill's own operational data. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted data from external APIs.
- Ingestion points:
protocol_fetcher.pyfetches pool metadata and protocol descriptions from the DeFiLlama API. - Boundary markers: Absent; the skill does not wrap API-sourced strings in delimiters or include instructions to ignore embedded commands.
- Capability inventory: The skill has access to
Bash,Read, andWritetools as defined inSKILL.md. - Sanitization: Data is parsed as JSON, but there is no specific filtering or escaping of natural language content that could contain malicious instructions.
Audit Metadata