tracking-crypto-portfolio
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests data from user-supplied JSON holdings files and reflects it in the agent's active context without isolation.\n
- Ingestion points: The scripts/portfolio_loader.py script reads external JSON files (e.g., holdings.json) provided by the user.\n
- Boundary markers: Absent. Portfolio content is displayed in reports without delimiters or instructions to ignore embedded commands.\n
- Capability inventory: The skill is authorized to use the Bash tool (for portfolio scripts) and Read/Write tools.\n
- Sanitization: Absent. Asset symbols and metadata from the JSON are processed and displayed as raw strings.\n- [DATA_EXFILTRATION]: The skill performs network operations to fetch market data from CoinGecko's public API (api.coingecko.com). This is a well-known service for cryptocurrency pricing data.\n- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute its internal Python scripts for portfolio valuation and reporting.\n- [EXTERNAL_DOWNLOADS]: The skill requires the requests Python library, which is a standard package from an established public registry.
Audit Metadata