solana

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs network requests to well-known infrastructure providers, specifically the Solana mainnet-beta RPC and CoinGecko's public API. These operations are essential for the skill's stated purpose of retrieving blockchain data and asset pricing.
  • [SAFE]: No external package dependencies are used. The tool is implemented using only standard Python libraries (urllib, json, argparse), which minimizes the attack surface.
  • [SAFE]: No hardcoded credentials or access to sensitive local files were detected; the skill utilizes environment variables for optional configuration of the RPC endpoint.
  • [SAFE]: Data ingestion points in scripts/solana_client.py (via _http_get_json and _rpc_call) fetch data from the blockchain and pricing APIs. While this represents an external data ingestion surface, the skill lacks dangerous capabilities such as file-system writes or shell command execution, and it correctly uses json.load() for sanitization, mitigating risks associated with indirect prompt injection.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 01:44 PM
Security Audit — agent-trust-hub — solana