crypto-bd-agent
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill is entirely instructional and does not contain any Python code, Node.js packages, shell scripts, or executable commands.
- [INDIRECT_PROMPT_INJECTION]: The skill describes an agent behavior that involves processing untrusted data from multiple external sources.
- Ingestion points: The workflow identifies 'Web Scraping' (via Firecrawl) and 'Community' (protocol forums) as primary intelligence sources in SKILL.md.
- Boundary markers: No specific boundary markers, delimiters, or system instructions to ignore embedded commands are defined for the ingestion of external data.
- Capability inventory: The agent is designed to generate 'Outreach Drafts' based on the scoring of gathered intelligence, which could be manipulated by malicious content in the source data.
- Sanitization: The skill includes a 'Human-in-the-loop' rule (Rule 2) requiring manual approval for all outreach drafts before they are transmitted, providing a manual sanitization gate against indirect prompt injection.
Audit Metadata