tracking-crypto-portfolio
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, SAFE)
Full Analysis
- [PROMPT_INJECTION]: The skill processes external, user-provided JSON files to load portfolio holdings, which creates an indirect prompt injection surface.
  - Ingestion points: `scripts/portfolio_loader.py` reads JSON data from the file system.
  - Capability inventory: The skill uses `Bash(crypto:portfolio-*)`, `Read`, and `Write` tools across its scripts.
  - Boundary markers: There are no specific boundary markers or instructions to the model to ignore potential injection content within the JSON data.
  - Sanitization: Data is validated and cast to numeric types where appropriate, but string fields like coin symbols and notes are reflected in the output.
- [COMMAND_EXECUTION]: The skill defines and uses a scoped Bash tool permission pattern (`crypto:portfolio-*`) to execute its Python scripts, which minimizes the risk of arbitrary command execution.
- [SAFE]: Network requests are made to the CoinGecko API (api.coingecko.com) to retrieve market prices. This is a well-known service, and the data exchanged is restricted to public asset symbols without involving sensitive user information or system credentials.
- [SAFE]: There is a discrepancy between the reported author (aAAaqwq) and the author listed in the metadata (Jeremy Longshore), which is flagged for potential metadata poisoning or misleading information.
Audit Metadata