stablecoin-yield-vs-tradfi
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches version metadata from the author's official repository on GitHub to check for updates.
- [COMMAND_EXECUTION]: Includes a bash script for version management that executes an update command via npx. This behavior is limited to the author's verified infrastructure.
- [DATA_EXFILTRATION]: Communicates with api.barker.money to fetch public yield data. The skill documentation explicitly states that no private information is transmitted and provides guidelines for handling untrusted external data.
- [PROMPT_INJECTION]: No behavioral overrides or safety bypass attempts were found. The skill follows best practices by instructing the agent to treat external API values as data rather than instructions.
Audit Metadata