chainlink-data-feeds-skill
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No evidence of prompt injection, role-play overrides, or instructions to bypass safety guidelines was detected. The instructions focus entirely on routing user requests to the correct technical reference files.
- [DATA_EXFILTRATION]: The skill does not access sensitive local files or attempt to exfiltrate data. It uses network tools primarily for fetching documentation from official sources.
- [EXTERNAL_DOWNLOADS]: The skill references standard development libraries and tools from the author's official ecosystem (e.g., @chainlink/contracts, @chainlink/solana-sdk). All documentation URLs point to official domains.
- [COMMAND_EXECUTION]: The skill provides legitimate CLI commands for blockchain development environments (Aptos CLI, Solana CLI, TronBox, StarkNet Foundry). These are standard workflows for the described tasks.
- [DYNAMNIC_CONTEXT_INJECTION]: No dynamic context injection patterns (e.g., !
commandsyntax) were found in the SKILL.md file. - [PRIVILEGE_ESCALATION]: No attempts to acquire elevated permissions or modify system-level configurations were detected.
- [INDIRECT_PROMPT_INJECTION]: The skill has a surface for ingesting data via WebFetch, but it restricts sources to official documentation. It explicitly instructs the agent to provide the URL to the user for verification if live documentation is used, maintaining a clear trust boundary.
Audit Metadata