coingecko
Pass
Audited by Gen Agent Trust Hub on May 30, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill connects exclusively to official CoinGecko Pro API endpoints at
pro-api.coingecko.com. No suspicious or unauthorized external network connections were identified during the analysis. - [SAFE]: Authentication credentials, specifically the
COINGECKO_API_KEY, are managed securely using environment variables. The code correctly utilizesos.getenvandpython-dotenvto load secrets, avoiding hardcoded credentials. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface because it retrieves and processes natural language content (such as cryptocurrency descriptions) from an external API.
- Ingestion points: Found in
tools/coins.py(descriptions inget_coin_data) andtools/search.py(search results insearch). - Boundary markers: Absent; retrieved API data is not enclosed in protective delimiters.
- Capability inventory: The skill is designed to be invoked via
bashas per the delivery instructions inSKILL.md, providing a potential path for instruction obedience if malicious content is fetched. - Sanitization: Absent; strings returned from the CoinGecko API are passed directly to the agent's context without filtering or escaping.
Audit Metadata