analyzing-market-sentiment
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The documentation in
references/implementation.mddirects the agent to use theReadtool to access sensitive API credentials from a configuration file at{baseDir}/config/crypto-apis.env. - [COMMAND_EXECUTION]: The script
scripts/news_sentiment.pyimplements dynamic loading of code by modifyingsys.pathat runtime to import modules from a computed path relative to the script location. - [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch data from well-known external sources including the Alternative.me Fear & Greed API, the CoinGecko API, and various news RSS feeds (CoinTelegraph, CoinDesk, Decrypt).
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion points: Untrusted news headlines and summaries fetched in
scripts/news_sentiment.py. Boundary markers: Absent in tool output. Capability inventory: Execution of Python scripts via theBashtool. Sanitization: None provided for the raw news text presented to the agent for interpretation.
Audit Metadata