blockfill-agent-execution

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'blockfill' package from the standard Python Package Index (PyPI), which is a legitimate and expected dependency for the skill's functionality.
  • [COMMAND_EXECUTION]: The SDK executes a bundled binary to manage local order signing and exchange connectivity, ensuring trading logic and keys remain under the user's control and on their local machine.
  • [SAFE]: Credential management follows security best practices by storing API keys in a local configuration file ('~/.blockfill/config.toml') with restricted filesystem permissions (chmod 0600), ensuring that sensitive data is not transmitted to third parties or stored insecurely.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 09:47 AM
Security Audit — agent-trust-hub — blockfill-agent-execution