finding-arbitrage-opportunities
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to well-known and reputable cryptocurrency data providers and exchanges, including CoinGecko, Binance, Coinbase, Kraken, KuCoin, OKX, and various decentralized exchange subgraphs. These interactions are limited to fetching public market data from established technology services.
- [DATA_EXFILTRATION]: No evidence of sensitive data exfiltration was detected. Network operations are restricted to authorized price aggregation and exchange APIs. The skill properly manages potential credentials by recommending the use of environment variables or local configuration files, with no code paths for transmitting secrets externally.
- [PROMPT_INJECTION]: The skill's instructions and market data processing logic are secure. Findings regarding potential indirect prompt injection:
  1. Ingestion points: Market data is fetched in price_fetcher.py from public APIs.
  2. Boundary markers: Numeric processing logic implicitly filters content.
  3. Capability inventory: Bash execution is strictly limited to scoped internal scripts.
  4. Sanitization: All external data is parsed into numeric types (Decimal) before being processed, preventing malicious strings from influencing agent behavior.
- [COMMAND_EXECUTION]: All bash commands are restricted to the skill's specific scripts using the crypto:arbitrage-* scope, ensuring the agent cannot execute arbitrary commands outside of the provided arbitrage analysis tools.