1inch
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocessto execute external binaries across multiple scripts. This includes usingcurlto fetch platform OIDC tokens from a local unix socket andnodeto execute JavaScript logic for building complex protocol orders. - [CREDENTIALS_UNSAFE]: The function
_oidc_tokeninscripts/_oneinch_lib.pydirectly accesses the sensitive Fly.io platform API at/.fly/apito retrieve identity tokens for authentication with the wallet service. - [PROMPT_INJECTION]: The
SKILL.mdcontains strong directives that instruct the agent to disregard platform-registered tools (specifically anyoneinch_*tools) and instead rely solely on manual command-line execution of local Python scripts.
Audit Metadata