truenorth
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @truenorth-ai/cli package globally from the NPM registry as a required dependency.
- [COMMAND_EXECUTION]: Executes the tn CLI tool to perform technical analysis and retrieve market metrics from a remote server.
- [DATA_EXFILTRATION]: Transmits the user's full message content to the vendor's API at api.adventai.io for the purpose of entity recognition.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it retrieves and summarizes external news and event data from an API without utilizing specific boundary markers or data sanitization logic.
Audit Metadata