tokenomist

Pass

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: SAFE · PROMPT_INJECTION · COMMAND_EXECUTION · DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill fetches token-related data from api.tokenomist.ai. This content is ingested into the agent's context, presenting a surface for indirect prompt injection if the external data source were to include malicious instructions.
    • Ingestion points: tools/client.py and tools/tokenomist_tools.py handle API responses.
    • Boundary markers: The tools return structured JSON data, which provides some implicit separation.
    • Capability inventory: The skill uses proxied network requests and local code imports.
    • Sanitization: The _safe_error_message function in tools/tokenomist_tools.py redacts API keys from error messages.
  • [COMMAND_EXECUTION]: The skill uses bash blocks to execute Python code that loads local modules. This allows the agent to run the skill's logic using the local environment.
  • [DATA_EXFILTRATION]: The skill sends the TOKENMIST_API_KEY to api.tokenomist.ai to authenticate data requests. This is the expected and documented behavior for interacting with the service.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 22, 2026, 06:52 AM