trade-prediction-markets
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill workflow involves generating Python code via the create_prediction_market_strategy tool and subsequently executing it using the run_prediction_market_backtest tool. This dynamic code execution is required for the skill's intended purpose of strategy simulation and backtesting.
- [PROMPT_INJECTION]: There is a risk of indirect prompt injection because the create_prediction_market_strategy tool generates executable code based on a user-provided description parameter. 1. Ingestion points: The description parameter in create_prediction_market_strategy enters the agent context to generate code. 2. Boundary markers: No specific boundary markers or instructions are defined to isolate the user-provided description from the code generation logic. 3. Capability inventory: The skill provides the run_prediction_market_backtest tool, which facilitates the execution of generated Python scripts. 4. Sanitization: There is no evidence of sanitization, validation, or sandboxing mentioned for the generated code before execution in the backtest environment.
Audit Metadata