tokenomist
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill fetches token-related data from api.tokenomist.ai. This content is ingested into the agent's context, presenting a surface for indirect prompt injection if the external data source were to include malicious instructions.
  - Ingestion points: tools/client.py and tools/tokenomist_tools.py handle API responses.
  - Boundary markers: The tools return structured JSON data, which provides some implicit separation.
  - Capability inventory: The skill uses proxied network requests and local code imports.
  - Sanitization: The _safe_error_message function in tools/tokenomist_tools.py redacts API keys from error messages.
- [COMMAND_EXECUTION]: The skill uses bash blocks to execute Python code that loads local modules. This allows the agent to run the skill's logic using the local environment.
- [DATA_EXFILTRATION]: The skill sends the TOKENMIST_API_KEY to api.tokenomist.ai to authenticate data requests. This is the expected and documented behavior for interacting with the service.
Audit Metadata