index-bot
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill implements strong security controls:
- Input Validation: The skill includes a comprehensive validation suite that uses regular expressions to verify token addresses and numeric values.
- Command Injection Prevention: Explicitly rejects shell metacharacters (e.g.,
;,|,&,$) when processing user instructions to prevent exploitation during basket spec parsing. - Least Privilege Execution: Financial operations such as quoting, swapping, and transaction signing are delegated to dedicated external integrations, minimizing the direct risk surface of the skill.
- Credential Security: Mandates that API keys be sourced from environment variables and prohibits hardcoded secrets.
- Operational Guardrails: Requires mandatory spend caps, token allowlists, and dry-run simulations before any autonomous execution occurs.
Audit Metadata