crypto-report
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests untrusted data from
theblockbeats.newsandbinance.comwhich is then processed by an agent with shell execution capabilities. - Ingestion points:
scripts/theblockbeats-news.shandscripts/binance-ai-report.shfetch content viacurl. - Boundary markers: Absent. External text is provided to the agent without separation or safety warnings.
- Capability inventory:
SKILL.mddefines shell execution as a primary function, providing a high-privilege context for any injected instructions. - Sanitization: None observed.
- Command Execution (MEDIUM): The bash scripts take positional arguments that are interpolated into shell commands and URLs. In
theblockbeats-news.sh, parameters like$PAGEand$SIZEare used directly in a URI, creating a risk of parameter manipulation. - Data Exposure (LOW): The skill performs network operations to non-whitelisted domains.
- Logic Error (INFO): The script
theblockbeats-news.shreferences a$PAYLOADvariable that is never defined in that file.
Recommendations
- AI detected serious security threats
Audit Metadata