dca-bot
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill provides explicit defensive instructions to the agent regarding input validation. It mandates that all user-provided or configuration values must be validated against specific regex patterns and must not contain shell metacharacters, effectively mitigating potential injection attempts through configuration fields.
- [DATA_EXFILTRATION]: No exfiltration patterns or unauthorized data access were identified. The skill explicitly requires that API keys and sensitive credentials be sourced from environment variables rather than being hardcoded or stored in the skill's state files.
- [COMMAND_EXECUTION]: The skill's configuration limits the scope of shell tools to specific package managers and fetching tools (
npm,npx,curl). Execution of critical actions like transaction signing and broadcasting is delegated to external integrations (viem-integrationandswap-integration), ensuring the strategy layer does not handle private keys or raw transaction building directly. - [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface as it processes external data from a Trading API and local state files.
- Ingestion points: User-provided token addresses, swap amounts, cadence settings, and market price data fetched from the Trading API
/quoteendpoint (SKILL.md). - Boundary markers: Not explicitly defined for prompt interpolation, but the skill relies on strict pre-processing validation.
- Capability inventory: Uses
Bash,Write,Edit, andWebFetch(SKILL.md). - Sanitization: Implements mandatory regex validation for addresses (
^0x[a-fA-F0-9]{40}$) and amounts (^[0-9]+\.?[0-9]*$), and a comprehensive rejection list for shell metacharacters (SKILL.md).
Audit Metadata