ranger-finance
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the SDK demo and agent kit from the vendor's official GitHub repositories (github.com/ranger-finance/sor-ts-demo.git, github.com/ranger-finance/ranger-agent-kit.git).
- [COMMAND_EXECUTION]: Provides instructions for setting up the development environment, cloning repositories, and running the MCP server locally (python -m ranger_mcp).
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests untrusted market data and position details from an external API (api.ranger.finance) which could influence agent behavior.
- Ingestion points: Data retrieved from endpoints like POST /order_metadata and GET /positions as documented in SKILL.md and resources/api-reference.md.
- Boundary markers: Absent from the provided instruction snippets to delimit external data from agent instructions.
- Capability inventory: Local transaction signing and network execution as seen in examples/transactions/example.ts and templates/setup.ts.
- Sanitization: No explicit sanitization or validation of API-returned content is demonstrated in the provided code.
- [DATA_EXFILTRATION]: Utilizes sensitive information (WALLET_PRIVATE_KEY) stored in environment variables to sign transactions locally. While this follows standard decentralized application practices using .env files, it involves handling highly sensitive credentials that an agent could potentially access.
Audit Metadata