1inch

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUM
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions in SKILL.md that guide the agent to bypass security rejections by proposing a highly permissive 'wildcard baseline' policy (ALLOW *) to the user. This pattern encourages users to disable safety filters and security constraints.
  • [COMMAND_EXECUTION]: Multiple components execute system commands via the subprocess module. exports.py and scripts/test_create_limit_order_v3.py execute Node.js processes to handle complex order building, while scripts/_oneinch_lib.py uses curl via subprocess to interact with local unix sockets.
  • [DATA_EXFILTRATION]: The skill retrieves sensitive Fly.io OIDC tokens from the restricted /.fly/api unix socket to obtain the agent's identity. These tokens are then transmitted externally to the WALLET_SERVICE_URL within HTTP headers.
  • [EXTERNAL_DOWNLOADS]: The skill's Fusion Mode functionality relies on external JavaScript dependencies defined in scripts/fusion_node/package.json (such as @1inch/fusion-sdk and ethers), which must be present in the environment for execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 12, 2026, 01:04 AM