1inch

Warn

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess to execute external binaries across multiple scripts. This includes using curl to fetch platform OIDC tokens from a local unix socket and node to execute JavaScript logic for building complex protocol orders.
  • [CREDENTIALS_UNSAFE]: The function _oidc_token in scripts/_oneinch_lib.py directly accesses the sensitive Fly.io platform API at /.fly/api to retrieve identity tokens for authentication with the wallet service.
  • [PROMPT_INJECTION]: The SKILL.md contains strong directives that instruct the agent to disregard platform-registered tools (specifically any oneinch_* tools) and instead rely solely on manual command-line execution of local Python scripts.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 14, 2026, 06:54 PM
Security Audit — agent-trust-hub — 1inch