swap-status
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill mandates strict regex validation (
^0x[a-fA-F0-9]{64}$) for the transaction hash input, which prevents command injection or malicious instruction overrides during shell execution. - [COMMAND_EXECUTION]: Shell commands utilizing the
castutility are constructed using the validated transaction hash. This prevents arbitrary code execution through user-controlled parameters. - [EXTERNAL_DOWNLOADS]: The skill connects to established public RPC nodes for various blockchain networks (e.g., Ethereum, Arbitrum, Polygon). These are well-known infrastructure providers and do not pose a security risk in the context of querying public blockchain data.
- [CREDENTIALS_UNSAFE]: No hardcoded secrets, private keys, or API tokens are present. The skill design relies on public RPC endpoints that do not require authentication.
Audit Metadata