coingecko

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill connects exclusively to official CoinGecko Pro API endpoints at pro-api.coingecko.com. No suspicious or unauthorized external network connections were identified during the analysis.
  • [SAFE]: Authentication credentials, specifically the COINGECKO_API_KEY, are managed securely using environment variables. The code correctly utilizes os.getenv and python-dotenv to load secrets, avoiding hardcoded credentials.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface because it retrieves and processes natural language content (such as cryptocurrency descriptions) from an external API.
  • Ingestion points: Found in tools/coins.py (descriptions in get_coin_data) and tools/search.py (search results in search).
  • Boundary markers: Absent; retrieved API data is not enclosed in protective delimiters.
  • Capability inventory: The skill is designed to be invoked via bash as per the delivery instructions in SKILL.md, providing a potential path for instruction obedience if malicious content is fetched.
  • Sanitization: Absent; strings returned from the CoinGecko API are passed directly to the agent's context without filtering or escaping.
Audit Metadata
Risk Level
SAFE
Analyzed
May 30, 2026, 12:35 AM
Security Audit — agent-trust-hub — coingecko