defillama
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill handles the
DEFILLAMA_API_KEYusing environment variables, avoiding the risk of hardcoded secrets. It correctly instructs the user to manage keys through environmental configuration. - [DATA_EXFILTRATION]: Network activity is restricted to well-known and official DefiLlama domains. The skill uses internal proxy clients (
proxied_get) which ensures that all outbound traffic is routed through authorized platform channels. - [PROMPT_INJECTION]: The skill ingests technical DeFi data from external APIs. Although this constitutes an indirect data ingestion surface, the structured and numerical nature of the data (TVL, APY, etc.) presents a very low risk for indirect prompt injection attacks.
Audit Metadata